Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 10 replies
  • Subscribers 28 subscribers
  • Views 2640 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

sip forwarding

TarekHalloun

hello

i am still facing issues with my grandstream ip pbx when i try to use phones over the internet

i have a public static ip on my xg125 and a forwarding rule for the sip and rtp ( for my internal ip pbx lan )

 

what can i check other than disabling sip from firewall which i already tried ? i had the same problem with a soft phone app and it is still no resolved

is my rule correct ?



This thread was automatically locked due to age.
Parents
  • 0

    Hello


    Question what Firmware Version do you have?

    Best regards

    Eli.

  • 0 in reply to Eli

    17.11 

    i did not like the 18 because i find the natting too complicated for me 

  • 0 in reply to TarekHalloun

    Hello  

    that explains why I did not understand the Rule buildup at first. There are huge changes between 17.1.1 [MR2] to the current 17.5 [MR11] allot of fixes and so on... ;)

    If you do not feel comfi. with the Version 18 Firmware the 17.5 release is already a huge change. If this will fix your issue ATM I can not tell. 

    I wish you the best and that you will find a solution best suited to your situation.

    Sincerely

    Eli.

  • 0 in reply to Eli

    i think i did not type it correctly : this is the firmware : SFOS 17.5.11 MR-11

  • 0 in reply to TarekHalloun

    Hello  

    now I understand what is going on... :D

    That just took a while to kick in.

    What Firewall Rule does apply for the PBX.

    Example:

    Example2:

    Sincerely

    Eli.

  • 0 in reply to Eli

    hi Eli i did not understand your post , i dont have a rule like this - my pbx forwarding rule is in my first post

  • 0 in reply to TarekHalloun

    Hello  

    hmmm... as I understand ATM is that there is only a NAT Rule active?! You need a FW Rule as well.

    Standard PBX Setup from my other Post. ;)

    had a similar experiance with a PBX from a german provider.

    What I needed to to was the following:
    - Disable SIP Module under CLI
    - Create a Host Object in the XG for the PBX
    - Collect all Information about Open Ports needed. (Provider dependant)
    - Create Service Objects for Ports needed by the PBX
    - Create a dedicated Firewall Rule with Enabled NAT Masq for the PBX that does not have IDS/IPS enabled since some Rules drop SIP connections.

    LAN, PBX Host-> WAN, (Provider IP) -> Services (Provider Service Ports needed or if not documented well "Any" for testing and logging)

    No Webfilter, No IDS / IPS, No SSL Inspection

    Sincerely
    Eli.

  • 0 in reply to Eli

    hello Eli 

    this is already done - please check the pictures of the firewall rule and tell me if i am missing something 

    What do you mean with this : - Create a dedicated Firewall Rule with Enabled NAT Masq for the PBX that does not have IDS/IPS enabled since some Rules drop SIP connections.

    i disabled SIP module from CLI

    Summary

    Source

    Source zones : LAN,WAN
    Allowed client networks : Any
    Blocked client networks :

    Destination

    Destination host/network : #Port2-102.68.58.74

    Forward to

    Protected server(s) : PBX
    Protected zone : LAN

Reply
  • 0 in reply to Eli

    hello Eli 

    this is already done - please check the pictures of the firewall rule and tell me if i am missing something 

    What do you mean with this : - Create a dedicated Firewall Rule with Enabled NAT Masq for the PBX that does not have IDS/IPS enabled since some Rules drop SIP connections.

    i disabled SIP module from CLI

    Summary

    Source

    Source zones : LAN,WAN
    Allowed client networks : Any
    Blocked client networks :

    Destination

    Destination host/network : #Port2-102.68.58.74

    Forward to

    Protected server(s) : PBX
    Protected zone : LAN

Children
No Data