Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 7 subscribers
  • Views 1472 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SIP sending internal IP instead of Public

Malcolm Nicholson

Hi,

I have an issue where the UTM is not altering the sip header from a private IP to the public IP of the firewall. Instead it sends the private IP to the SIP provider and obviously this doesn't work. Are you even able to setup the UTM to edit the SIP header?

Thanks



This thread was automatically locked due to age.
  • 0

    No, but maybe you forget to (NAT) mask your voice-lan?

  • 0

    Hi Malcolm and welcome to the UTM Community!

    I bet Joerg hit the nail on the head.  You might also want to look at #2.1 and #3.1 in Rulz (last updated 2019-04-17) for other, similar issues.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0

    I do not think that NAT is able to alter the SIP-Header and unfortunately the UTM has only an SIP helper implemented. For this kind of SIP manipulation you usually need a proper SIP Proxy or Session Border Controller.

  • 0 in reply to Holger Gran

    Hi Joerg-ST,

    Holger Gran is correct.

    what you require is SIP ALG, usually a modern phone system is NAT Aware and can adjust the packet without getting a firewall involved.

    As this can be temperamental. I have never used this as it usually causes issues.

    The only article I can find is;

    https://support.sophos.com/support/s/article/KB-000034975?language=en_US

    It may well work, but have never tried it.

    XG & UTM Architect (Systems: XG v18 & UTM 9.7 - Virtual, HW & SW)
    Curious enough to take it apart, skilled enough to put it back together, Clever enough to hide the extra parts when I'm Done!

  • 0 in reply to Argo

    I've had that work before, Argo, but I've seen more situations where the UTM SIP helper wasn't compatible with a VoIP provider and had to create new Services, Host/Network definitions and firewall rules manually.

    In this case, Malcolm, it sounds like your internal VoIP device configuration is the problem - it should have your public IP in the SIP header., not its local IP.  This type of issue is not uncommon with IPsec VPNs.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML