I did a migration Sophos Firewall from SG 430 to a pair of XG 430 HA firmware version SFOS 18.0.4 MR-4. Our voice system cannot call external but able to make an internal call when we move the gateway of CUCM to the new Sophos XG firewall. I check the routing is fine, firewall rule has allowed logging. I think high chance the NAT causes the issue because the voice router belongs to the WAN zone, and CUCM belongs to the SERVER zone. I turn on the default MASQ nat rule for all traffic from inside zone go to WAN zone but when traffic from WAN goes in, is it necessary to define a NAT for it ?.
When I roll back the connection to the old SG 430 FW, the IP phone is working fine.
Anyone who gets the same issue please help give some advice to fix it. Thank you.
Below is the network diagram:
This thread was automatically locked due to age.
