Telephone system disconnections 2-3 times a day

Hello,

A customer has a big problem with their PBX in combination with Sophos XG. 2-3 times a day the tunnel is interrupted and all current phone calls drop. In the log I always see the invalid packets at the time. I have already increased the TCP session timeout to 6 hours but I don't see any direct correlation/improvement. It is a telephone system from Unify.

Regards

Daniel



  • Hi,

    What are the settings on the PABX, sounds like it might time out?
    Ian

  • You don't give much info regarding your setup and if this is something that just started and was working before or if this is a new installation of XG.

    There are a couple of issues that cause disconnections generally (not just with telephony).

           is a good summary of the problem with definition updates being installed

    If you are using STAS make sure "Restrict client traffic during identity probe" is set to no.

    We also have a bunch of notes to deal with SIP specific issues. I'm not going to talk you through them but it should give you enough to get you started.

    # To check SIP ALG
    system system_modules show
    
    # To disable SIP ALG
    system system_modules sip unload
    
    # To load SIP ALG
    system system_modules sip load
    
    # Check UDP Timeout
    show advanced-firewall
    
    # Adjust UDP Timeout
    set advanced-firewall udp-timeout-stream 150
    
    
    # When there is a Site-to-Site VPN and/or IPS configured in the XG, the following two commands help resolve VoIP call drops or poor quality:
    
    show ips-settings
    # Shows current settings
    set ips sip_preproc disable 
    # This will disable the preloaded IPS patterns for SIP
    
    set vpn conn-remove-tunnel-up disable 
    # When disabled, it will not flush the connections when IPSec tunnels come up
    
    system system_modules h323 unload
    #  If you plan on using video over VoIP at any point, unload the H323 helper
    
    Commands persist through reboots
    
    

    You need to find the recommended UDP timeout for your SIP provider (or you can use Wireshark to find it).
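
An added example, not part of the original thread: one way to do the Wireshark step above is to export UDP packet times with `tshark` and compute the longest silence per flow, then compare it with `udp-timeout-stream`. The sample rows, addresses and function names are constructed for illustration, and the script assumes a packet in either direction refreshes the firewall's UDP state entry.

```python
from collections import defaultdict

# Constructed sample, tab-separated, in the shape produced by:
#   tshark -r capture.pcap -Y udp -T fields -e frame.time_epoch \
#          -e ip.src -e udp.srcport -e ip.dst -e udp.dstport
SAMPLE = """\
1000.0\t192.0.2.10\t5060\t198.51.100.5\t5060
1000.2\t198.51.100.5\t5060\t192.0.2.10\t5060
1180.0\t192.0.2.10\t5060\t198.51.100.5\t5060
1180.1\t198.51.100.5\t5060\t192.0.2.10\t5060
1000.5\t192.0.2.10\t30000\t198.51.100.5\t40000
1000.52\t198.51.100.5\t40000\t192.0.2.10\t30000
1000.54\t192.0.2.10\t30000\t198.51.100.5\t40000
"""

def flow_key(src, sport, dst, dport):
    """Direction-independent key (assumption: either direction refreshes state)."""
    return tuple(sorted([(src, int(sport)), (dst, int(dport))]))

def max_idle_gaps(lines):
    """Return {flow: longest gap in seconds between consecutive packets}."""
    times = defaultdict(list)
    for line in lines:
        parts = line.strip().split("\t")
        if len(parts) != 5 or not all(parts):
            continue  # skip blank rows and rows with empty fields (e.g. non-IPv4)
        ts, src, sport, dst, dport = parts
        times[flow_key(src, sport, dst, dport)].append(float(ts))
    gaps = {}
    for flow, stamps in times.items():
        stamps.sort()  # rows may be out of order after merging captures
        deltas = [b - a for a, b in zip(stamps, stamps[1:])]
        gaps[flow] = round(max(deltas, default=0.0), 3)
    return gaps

def flows_at_risk(lines, udp_timeout_stream):
    """Flows whose longest silence meets or exceeds the firewall UDP timeout."""
    return {f: g for f, g in max_idle_gaps(lines).items()
            if g >= udp_timeout_stream}

if __name__ == "__main__":
    # 150 is the udp-timeout-stream value used in the commands above.
    for flow, gap in flows_at_risk(SAMPLE.splitlines(), 150).items():
        print(f"{flow}: idle for {gap}s, state would expire at 150s")
```

A flow reported here stays silent longer than the firewall keeps its UDP state, so either the timeout needs raising above that gap or the PBX keepalive/registration interval needs lowering below it.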