FreePBX Server behind XG Firewall

Does anyone have a clear example of how to set up proper firewall rules for a FreePBX server running behind an XG firewall?  I have spent hours and hours on this as well as a consultant and we can't get inbound and outbound calls to work.  This is a 10 minute job on any other firewall we have worked on.  Between the two of us we have more than 40 years' experience in IT and this is just impossible to configure.  Any help would be appreciated.  Thanks.

Sophos Firmware Version SFOS 17.5.8 MR-8


This thread was automatically locked due to age.
  • Hello @Jae Lupo,

    I had a similar experience with a PBX from a German provider.

    What I needed to do was the following:
    - Disable SIP Module under CLI
    - Create a Host Object in the XG for the PBX
    - Collect all information about open ports needed. (Provider dependent)
    - Create Service Objects for ports needed by the PBX
    - Create a dedicated Firewall Rule with NAT Masq enabled for the PBX that does not have IDS/IPS enabled, since some rules drop SIP connections.

    LAN, PBX Host-> WAN, (Provider IP) -> Services (Provider Service Ports needed or if not documented well "Any" for testing and logging)

    No Webfilter, No IDS / IPS, No SSL Inspection


    Best regards
    Eli.

  • Thank you Eli, but I still can't get two-way audio to work.  It appears the XG firewall is still blocking or dropping packets somehow.  I even opened all ports in and out to the machine and it still doesn't work.  I got attacked right away and shut that down, but even during that short time the PBX server could not communicate properly.  Any other ideas?  Thanks.

  • FormerMember in reply to Jae Lupo

    Hi Jae,

    Eli's reply pretty much covers the settings for VoIP traffic.

    If the PBX server is still not working, you could check whether anything is being blocked via the log viewer by switching to Detailed view and filtering by the PBX server IP address.

    Besides, it's worth checking how the phones are working with the PBX server, like how the phones send/receive traffic when making and receiving calls. Make sure the firewall rule is configured for the phones' network to go to WAN or the PBX server, if needed.

    Below is a KBA for VoIP tweaks on XG:

    https://community.sophos.com/kb/en-us/127785

    If you are still facing the issue, you could create the support ID on the XG firewall and send it to me via PM, so I could jump in and have a look at the firewall.

    https://community.sophos.com/kb/en-us/122784
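
The log check suggested above (filter by the PBX server IP and look for blocks) can also be run offline over exported firewall logs. This is an added example, not code from the thread or from Sophos; the key=value line layout, the field names (`log_subtype`, `src_ip`, `dst_ip`, `protocol`, `dst_port`, `fw_rule_id`) and all addresses are assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample lines; layout and field names are assumptions.
SAMPLE_LOG = """\
date=2019-11-20 time=10:15:01 log_subtype="Allowed" fw_rule_id=7 src_ip=192.168.10.50 dst_ip=198.51.100.20 protocol="UDP" src_port=5060 dst_port=5060
date=2019-11-20 time=10:15:04 log_subtype="Denied" fw_rule_id=0 src_ip=198.51.100.20 dst_ip=192.168.10.50 protocol="UDP" src_port=40000 dst_port=14022
date=2019-11-20 time=10:15:05 log_subtype="Denied" fw_rule_id=0 src_ip=198.51.100.20 dst_ip=192.168.10.50 protocol="UDP" src_port=40000 dst_port=14022
date=2019-11-20 time=10:15:05 log_subtype="Denied" fw_rule_id=0 src_ip=198.51.100.20 dst_ip=192.168.10.50 protocol="UDP" src_port=40002 dst_port=14023
date=2019-11-20 time=10:15:09 log_subtype="Denied" fw_rule_id=0 src_ip=203.0.113.77 dst_ip=192.168.10.50 protocol="UDP" src_port=5060 dst_port=5060
date=2019-11-20 time=10:15:11 log_subtype="Denied" fw_rule_id=0 src_ip=192.168.10.5 dst_ip=198.51.100.99 protocol="TCP" src_port=51000 dst_port=443
"""

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Split one key=value log line into a dict, dropping surrounding quotes."""
    return {key: value.strip('"') for key, value in FIELD_RE.findall(line)}


def denied_flows(log_text, pbx_ip):
    """Count denied flows that have the PBX as exact source or destination.

    Matching on the parsed fields (not a substring search) keeps
    192.168.10.5 from being mistaken for 192.168.10.50.
    """
    flows = Counter()
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields.get("log_subtype") != "Denied":
            continue
        src, dst = fields.get("src_ip"), fields.get("dst_ip")
        if pbx_ip not in (src, dst):
            continue
        direction = "outbound" if src == pbx_ip else "inbound"
        key = (direction, fields.get("protocol"),
               int(fields.get("dst_port", 0)), fields.get("fw_rule_id"))
        flows[key] += 1
    return flows


if __name__ == "__main__":
    for flow, count in sorted(denied_flows(SAMPLE_LOG, "192.168.10.50").items()):
        print(count, *flow)
```

Grouping by direction, protocol, destination port and rule ID shows at a glance which ports still need a service object and which rule the drops are hitting.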

  • Thanks Captain.  I have already applied the tweaks in the KBA you sent and it didn't change anything.  I opened a support case if you want to take a look. Something is still blocking the PBX.  The trunks register with the SIP provider, the phones are outside the network and register with the PBX but the PBX says there is an issue with the port forwarding to the server and the phones can't dial out or receive calls.  Thanks.