FreePBX Server behind XG Firewall

Does anyone have a clear example of how to set up proper firewall rules for a FreePBX server running behind an XG firewall?  I have spent hours and hours on this, as has a consultant, and we can't get inbound and outbound calls to work.  This is a 10 minute job on any other firewall we have worked on.  Between the two of us we have more than 40 years' experience in IT and this is just impossible to configure.  Any help would be appreciated.  Thanks.

Sophos Firmware Version SFOS 17.5.8 MR-8


  • Hello  

    What I forgot to ask was what type of VoIP is in use with the PBX.

    I ask because there are two types of SIP deployments:
    - SIP Trunk over PBX
    - SIP Client, where the phones are able to create their own VoIP connection and the PBX acts as an accounting service

    Example:

    SIP Trunk
    Phone ----> PBX ----> FW ----> I-Net

    SIP Client
    Phone <----> PBX ----> FW ----> I-Net
    Phone -----> FW ----> I-Net

    Another factor is the network setup:

    Normally the PBX is in the Server Network 192.168.0.x /24
    Phone Network 192.168.100.x /24
    The DHCP config with the Custom Option comes from the PBX or a DHCP server where an Option can be added!
    The reason is the route from Phone to PBX for downloading the config and route (if needed)

    If the setup is similar then there should be two rules: one for the PBX to WAN with Services Needed and one for Phone to WAN with Services Needed

    Best regards
    Eli.


  • Eli,

    I am using SIP trunks.  The phones are all external, say at a person's home working remotely.  The phones are hitting our gateway (XG Firewall) and are then forwarded to the internal FreePBX server.  The PBX server then connects to the SIP provider and provides the connection back to the phone.  The FreePBX server is registering with the SIP provider and the phones are registering with the FreePBX server.  The phones can make outbound calls and receive calls but now there is no audio both ways.  I have two rules set up, a DNAT and an SNAT.  I know I am close to getting this to work but it is still not right.

    Jae

  • Hello  

    I think the issue is the NAT between the phones and the PBX. The VoIP UDP packets get dropped or not answered.

    The NAT used in such a case should be a 1:1 NAT. In another part, the address where it gets translated to needs a firewall rule in the XG.

    Example:

    PhoneExternalNet to PBX with Services needed [Optional] + NAT Rule Linked to this FW Rule or applied to ^^

    Same thing for the PBX

    PBX to WAN with Services needed [Optional] 

    Here is a short explanation (answered by LuCar Toni) of what I mean with the NAT -> https://community.sophos.com/products/xg-firewall/f/network-and-routing/116643/example-for-full-nat

    Best regards

    Eli.

  • Is the issue only with remote phones, or does it happen with on-premise phones as well?

  • Good question and unfortunately I don't know, because all my users are working from home and I am in the US and they are in the UK. I have also set all their phones to connect to the external IP of the office so they can come and go with their phones as needed as this lockdown continues.  For this reason, even if the phone was in the office it is still going out and back in to connect.  I think I have it working now with 3 rules and I will post them here in a little while after I test it further.  Maybe someone can see if the rules can be condensed into one or two, but I think I need two full NAT rules for this to work, as stated above by Eli.