Guys, I'm going crazy.....
What am I doing wrong?
DNAT Rule done
SIP ALG deactivated
SNAT connected to the DNAT with MASQ
Any ideas?
This thread was automatically locked due to age.
Hello Community,
I'm right now also configuring a 3CX behind a Sophos XG 18 SFVH (SFOS 18.5.2 MR-2-Build380) and I got a SIP port error during the firewall check from 3CX.
Configuration
- Sophos XG is directly attached to a modem and has the public IP at #Port1
- 3CX is running the test except the test of the port 5060 (shown below in my graphic).
IN/OUT bound rule for Port 5060/UDP is configured
IN/OUT for Media, STUN is working well.
INBOUND calls are working.
Here is my output with the one and only issue, Port 5060. All other results are green and "done":
Any SNAT/DNAT is based on the XG v18. No double NAT in place.
Any idea what's wrong with Port 5060?
Regards
Chris
Hi David,
Thanks for your quick response. I was on the verge of despair, because I could not resolve the error.
But after the twentieth Wireshark recording I saw it (OK, sometimes you cannot see the forest for the trees) and fixed the port 5060 error as shown above.
The issue was in the INBOUND Rule #115 in my screenshot.
I forgot the last entry to allow the reverse route from STUN 3478-3479/udp to port 5060/udp at 3CX behind the XG.
After I updated the entry, the 3CX is now free of errors in the firewall check.
Thanks again
Regards
Chris
Good to see you got it working!
Sometimes going through everything we set up results in locating errors.
Something that caught my eye, in your S_SIP_IN you only have UDP and the 5060 according to the 3CX Ports list, also requires TCP. I did some more reading on the 3CX STUN-Server and it only uses UDP just like you have it set up... Am I going crazy or is something not right in the documentation scattered around the 3CX articles? Go figure..
I will create an internal configuration document so as not to get confused about the minimum requirements for IN/OUT Services (Protocol/Ports), to save time in the future.
TCP is for TLS communication, but for the first step, the 3CX is running, and in step two I had to check about the certificate update process without port 80/tcp in the inbound rule.
Regards
Chris