VoIP Remote Phone Registration Failing at Second location

So I have a strange issue. Currently I have a remote office using VoIP phones that all register and work as expected. I am setting up new infrastructure for another location, and this required taking the equipment offsite. Normally when I set up a new phone to be used remotely, I take it home and voilà, it works like a charm, and I ship it out. This week I took a phone home, plugged it in and can't get the phone to register. Now, I have to admit that prior to v18 I used to do this; this is my first opportunity trying this method with v18, and no go.

I have checked the log viewer and see the first remote site with the working VoIP phones making its connection through port 5060; then I see my home gateway come in and it's completely blocked, it's not even hitting a firewall rule. The system is indicating it is "appliance access" then denied, as compared to the other remote gateway hitting the actual "firewall rule" allowing it to traverse from WAN to the LAN PBX.

I am baffled, to say the least, why this is occurring. I'm not sure if it's because of how upgrading to v18 changed the NAT procedures; that's the only thing I can think of as the cause, but it doesn't make sense.



This thread was automatically locked due to age.
  • Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • Thank you, Vivek. I have gone through all the documentation I can find, and the problem is I have the 2 remote offices, and the one office has been working for some time and continues to work. Now, before this first office was set up, I originally tested my phones by taking them to this other location and verifying they would work, which they did. Once I established a working configuration for the phone, future phones were simply set up, shipped, plugged in and worked flawlessly. What seems to be the issue is that this second location isn't even getting to a firewall rule, it seems: when I view the working remote IP connection, it shows that it went through the correct firewall rule and was green-lighted; this second location shows as "appliance access" then denied.

    So this is the working remote office:

    2022-08-16 07:57:47 Firewall messageid="00001" log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" status="Allow" con_duration="37304" fw_rule_id="9" nat_rule_id="23" policy_type="1" user="" user_group="" web_policy_id="0" ips_policy_id="8" appfilter_policy_id="0" app_name="" app_risk="0" app_technology="" app_category="" vlan_id="" ether_type="Unknown (0x0000)" bridge_name="" bridge_display_name="" in_interface="Port2_ppp" in_display_interface="Port2_ppp" out_interface="Port1" out_display_interface="Port1" src_mac="01:08:30:10:8B:02" dst_mac="40:00:00:19:26:FZ" src_ip="x.x.x.x" src_country="USA" dst_ip="x.x.x.x" dst_country="CAN" protocol="UDP" src_port="5060" dst_port="5060" packets_sent="2187" packets_received="970" bytes_sent="449487" bytes_received="534971" src_trans_ip="" src_trans_port="0" dst_trans_ip="x.x.x.x" dst_trans_port="0" src_zone_type="WAN" src_zone="WAN" dst_zone_type="LAN" dst_zone="LAN" con_direction="" con_event="Stop" con_id="3784316160" virt_con_id="" hb_status="No Heartbeat" message="" appresolvedby="Signature" app_is_cloud="0"

    This is the remote IP when it hits the firewall:

    2022-08-16 07:57:52 Firewall messageid="02002" log_type="Firewall" log_component="Appliance Access" log_subtype="Denied" status="Deny" con_duration="0" fw_rule_id="N/A" nat_rule_id="0" policy_type="0" user="" user_group="" web_policy_id="0" ips_policy_id="0" appfilter_policy_id="0" app_name="" app_risk="0" app_technology="" app_category="" vlan_id="" ether_type="IPv4 (0x0800)" bridge_name="" bridge_display_name="" in_interface="Port2_ppp" in_display_interface="Port2_ppp" out_interface="" out_display_interface="" src_mac="" dst_mac="" src_ip="x.x.x.x" src_country="CAN" dst_ip="x.x.x.x" dst_country="CAN" protocol="UDP" src_port="5060" dst_port="5060" packets_sent="0" packets_received="0" bytes_sent="0" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="" src_zone="" dst_zone_type="" dst_zone="" con_direction="" con_id="" virt_con_id="" hb_status="No Heartbeat" message="" appresolvedby="Signature" app_is_cloud="0"

    And all I have simply done is add the remote address to the same Source list on the VoIP 5060 rule. But to me this looks like the IP itself isn't getting to the rule; it's blocked completely. And again, I don't know if this is due to how NAT now works under v18, because I have only been on v18 for about 6 weeks now and all my phone testing was done prior with v17. As I say, this is the first time having 2 sites trying to use remote phones; the 1 site has been working pretty well for about 2 years now.
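As an added illustration, not part of the thread, the two log entries quoted above can be parsed and compared programmatically. The script below is mine: the sample lines are constructed from the quoted entries with the real addresses replaced by RFC 5737 documentation IPs and most fields trimmed, and the explanation it attaches to an "Appliance Access" deny (no NAT or firewall rule matched, so the packet was judged by the appliance's own access ACL rather than forwarded) is my reading of the `log_component`, `fw_rule_id` and `nat_rule_id` fields, not text from Sophos.

```python
import re

# Constructed sample log, modelled on the two entries quoted in the thread.
# Addresses are RFC 5737 documentation IPs; fields not needed here are omitted.
SAMPLE_LOG = """\
2022-08-16 07:57:47 Firewall messageid="00001" log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" status="Allow" fw_rule_id="9" nat_rule_id="23" in_interface="Port2_ppp" out_interface="Port1" src_ip="198.51.100.10" dst_ip="203.0.113.5" protocol="UDP" src_port="5060" dst_port="5060" src_zone="WAN" dst_zone="LAN" con_event="Stop"
2022-08-16 07:57:52 Firewall messageid="02002" log_type="Firewall" log_component="Appliance Access" log_subtype="Denied" status="Deny" fw_rule_id="N/A" nat_rule_id="0" in_interface="Port2_ppp" out_interface="" src_ip="192.0.2.77" dst_ip="203.0.113.5" protocol="UDP" src_port="5060" dst_port="5060" src_zone="" dst_zone=""
"""

# key="value" pairs; values may contain spaces (e.g. log_component="Appliance Access")
KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Parse one Sophos-style key="value" log line into a dict."""
    fields = dict(KV_RE.findall(line))
    fields["_timestamp"] = " ".join(line.split(" ", 2)[:2])
    return fields


def classify(rec):
    """Return (verdict, reason) describing how the appliance handled the packet."""
    if rec.get("log_component") == "Firewall Rule":
        # A NAT rule translated the destination and a firewall rule forwarded it.
        return ("forwarded",
                "fw_rule_id={} nat_rule_id={} {}->{}".format(
                    rec.get("fw_rule_id"), rec.get("nat_rule_id"),
                    rec.get("src_zone"), rec.get("dst_zone")))
    if rec.get("log_component") == "Appliance Access":
        # My reading (assumption): no DNAT rule matched, so the packet stayed
        # addressed to the appliance's own WAN IP and was judged by the local
        # access ACL, never reaching the WAN->LAN firewall rule. The empty
        # out_interface/zones and fw_rule_id="N/A" are consistent with that.
        return ("local_acl",
                "no NAT/firewall rule matched; handled as traffic to the appliance itself")
    return ("other", rec.get("log_component", ""))


def sip_report(log_text, sip_port="5060"):
    """Summarise, per source IP, how SIP signalling (dst_port 5060) was handled."""
    report = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec.get("dst_port") != sip_port:
            continue
        verdict, why = classify(rec)
        report[rec["src_ip"]] = {
            "status": rec.get("status"),
            "verdict": verdict,
            "why": why,
            "fw_rule_id": rec.get("fw_rule_id"),
            "nat_rule_id": rec.get("nat_rule_id"),
        }
    return report


def sources_needing_dnat(report):
    """Source IPs whose SIP traffic never reached a forwarding rule."""
    return sorted(ip for ip, r in report.items() if r["verdict"] == "local_acl")


if __name__ == "__main__":
    rep = sip_report(SAMPLE_LOG)
    for ip, r in rep.items():
        print(f"{ip}: {r['status']} ({r['verdict']}) {r['why']}")
    print("sources with no matching DNAT/firewall rule:", sources_needing_dnat(rep))
```

Run against a real export of the Log Viewer, the `sources_needing_dnat` list is the set of remote sites to check for a DNAT (port-forward) rule covering UDP 5060 to the PBX, since adding a source to the firewall rule alone does not create the translation the packet needs to be forwarded.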

  • Hey,

    Thank you for the update. Yes, that's right, it seems the rule ID is not detected. Ensure the following things:
    1.) Interface Port is up and running
    2.) Rule created should be on the top 
    > How to configure firewall rule and NAT rule on Sophos XG v18: https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/121919/how-to-configure-firewall-rule-and-nat-rule-on-sophos-xg-v18

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Global Support & Services 


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • Thanks, yes, as I mentioned initially I have 6 VoIP phones currently connecting from the first remote location, so technically if those 2 items on your list were in fact an issue I would have zero VoIP phones working at all. Baffling to say the least. I do have a support ticket put in to help me with the issue; I'm missing something here. The only anomaly, and I go back to when we upgraded versions: we had one of our servers lose internet access, and for the life of me it ended up being rule placement, so after 5 years of service working perfectly I had to rearrange the rule group to get all servers back online, or the affected server I should say.

  • Problem solved. I ended up revisiting the converted NAT rules after the upgrade, and this is where things broke. What I did was create a separate rule for the second office and create a proper port forward rule; the moment I hit apply on the NAT rule, my phone immediately connected. Now just to test quality and fine-tune any IPS or traffic shaping to ensure a good connection.