SIP server on DMZ - how to set up working rules

Hi.

I think I need assistance to fully understand how firewalling and routing/forwarding work in XG.


I have a question related to SIP server in DMZ.

So - to describe:

I have 3 ports: 1: WAN(bridge - public IP), 2: LAN (192.168.2.x) , 3:DMZ(192.168.100.x)

On the DMZ I have a SIP server - this server should be accessible for LAN users and internet users. It is not using 5060 as the default port - so let's say for registrations it is using port 50808 (as an example) - this is to limit access attempts.

I have set up some rules to that SIP server like:

Source: Host Any
Hosted Server: Zone Any, hosted address #Port1 

Protected Application Servers: Zone DMZ, Protected Application Server: created HOST pointing to 192.168.100.XXX address of the SIP server, forward all ports OFF

Port Forwarding: TCP, and defined ports - the same for mapped.(similar for UDP)

Routing MASQ ON

Reflexive Rule: ON


There are a few issues - I can register from LAN computers. Some clients connected to the Internet (outside) can register (not all) - but in the registration list I see the internal IP of the gateway, 192.168.100.1 (so it looks like they have registered from the gateway - probably NAT) - normally I should see the real IP of registered clients - and finally - if I use a TRUNK to call I can hear the IVR, but when I try to select a number to call my internal number - no voice. So it looks like voice is not passing.

To add - in the rules I have created similar rules for ports 16384:32768 (UDP and TCP) used for final voice communication.

So question - how to configure XG to have this working? To have server behind firewall accessible? I had this working with CLEAR OS before - but as I want to switch to SOPHOS - I have to solve this ASAP - this server is used by me and my family as main communication platform.

Thanks for any suggestions

Mike....



  • If your SIP Server is not using Default Port (5060), then you should re-configure your SIP Helper in CLI, using the following command:

     console> system system_modules sip load ports 50808

  • Hi Christian,

    I would try with SIP helper this evening. I did manage to get outside SIP clients working, incoming calls work now with used SIP trunks, most internal as well with some tricks, but I still have some voice issues when calling from Internet to LAN connected phones - not when calling from LAN to Internet connected.

    Initially I have unloaded SIP Helper before to deal only with pure rules - but maybe this would solve all issues.

    I have a question - what if I use TLS - and actually this is using another port. Is SIP Helper handling multiple ports?

    Thanks

    Mike
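
Missing audio behind NAT commonly traces back to the SDP body of the INVITE or 200 OK advertising an address or port the far end cannot reach. The following is an added example, not code from either poster or from Sophos: it parses the SDP of a SIP message and flags RFC 1918 media addresses and media ports outside the 16384:32768 range forwarded in the thread. The host 192.168.100.50, the public address and both sample messages are constructed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RTP_RANGE = (16384, 32768)  # media range from the port-forwarding rule in the post

def parse_sdp_media(sip_message):
    """Return [(media, port, connection address)] from the SDP body of a SIP message."""
    _, _, body = sip_message.replace("\r\n", "\n").partition("\n\n")
    session_addr, media = None, []
    for line in body.splitlines():
        if line.startswith("c="):                      # c=IN IP4 <address>
            addr = line.split()[-1].split("/")[0]
            if media:
                media[-1][2] = addr                    # media-level c= overrides session-level
            else:
                session_addr = addr
        elif line.startswith("m="):                    # m=<media> <port> <proto> <formats>
            kind, port = line[2:].split()[:2]
            media.append([kind, int(port.split("/")[0]), None])
    return [(kind, port, addr or session_addr) for kind, port, addr in media]

def audit(sip_message, rtp_range=RTP_RANGE):
    """List reasons the advertised media endpoints would be unreachable from the Internet."""
    findings = []
    for kind, port, addr in parse_sdp_media(sip_message):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:                             # hostname or missing c= line
            ip = None
        if ip is not None and any(ip in net for net in RFC1918):
            findings.append(f"{kind}: SDP advertises RFC 1918 address {addr}")
        if not rtp_range[0] <= port <= rtp_range[1]:
            findings.append(f"{kind}: port {port} outside forwarded range {rtp_range[0]}-{rtp_range[1]}")
    return findings

def build_invite(addr, port):
    """Constructed sample INVITE (not captured traffic)."""
    sdp = ["v=0", f"o=- 1 1 IN IP4 {addr}", "s=-", f"c=IN IP4 {addr}", "t=0 0",
           f"m=audio {port} RTP/AVP 0 8", ""]
    headers = ["INVITE sip:100@example.invalid SIP/2.0", "Content-Type: application/sdp"]
    return "\r\n".join(headers) + "\r\n\r\n" + "\r\n".join(sdp)

UNREWRITTEN = build_invite("192.168.100.50", 40000)   # constructed: DMZ address, port not forwarded
REWRITTEN = build_invite("203.0.113.10", 20000)       # constructed: public address, port in range

if __name__ == "__main__":
    for name, msg in (("unrewritten", UNREWRITTEN), ("rewritten", REWRITTEN)):
        print(name, audit(msg) or "ok")
```

Feeding it the SIP messages from a packet capture taken on the WAN side shows whether the addresses leaving the firewall were rewritten before they reached the remote party.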
