
Firewall is dropping port 5060

Hi,
I have a Sophos UTM 9 firewall at our company.

We have strange phone problems on our network.
For the phone calls we need port 5060 incoming and outgoing on our firewall.

I made the following rules on our firewall:

IP Address of the Phone Company --> tcp 5060 --> WAN Port (Network)
and
Address of the Phone Company --> udp 5060 --> WAN Port (Network)

When I look at the live log of the firewall, I see many packets from the phone company that are dropped by default.

What can I do to let the packets into my network?

Thanks a lot
BR
Michael


This thread was automatically locked due to age.
  • Michael, I have exactly the same, SIP server located on the Internet, but enabling the SIP proxy solves the problems.
    You can successfully forward TCP/UDP 5060, but the RTP streams (speech) are random ports you don't want to open by default (just because you would create a huge hole in your firewall).
    Just try to enable the SIP proxy: your internal networks are your clients and the server networks are your provider's IP addresses. You don't need any other rules, and the ports will be dynamically opened only when requested by either side of the SIP connection and closed again when no longer needed.

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.
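
The mechanism the answer above describes, as an added example that is not part of the original posts and not Sophos' implementation: a SIP-aware firewall reads the SDP carried in the signalling on port 5060, opens only the negotiated RTP port (plus the adjacent RTCP port) for that call, and closes them on BYE. The function and class names, the sample messages and the addresses are constructed for illustration.

```python
import re

def parse_sip(msg):
    """Split a SIP message into start line, headers (lower-cased names) and body."""
    head, _, body = msg.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body

def sdp_media(body):
    """Return (ip, port) for each audio stream announced in an SDP body."""
    session_ip, current, out = None, None, []
    for line in body.splitlines():
        if line.startswith("c=IN IP4 "):
            ip = line.split()[2]
            if current is None:
                session_ip = ip      # session-level connection address
            else:
                current[0] = ip      # media-level address overrides it
        elif m := re.match(r"m=audio (\d+) RTP/AVP", line):
            current = [session_ip, int(m.group(1))]
            out.append(current)
    return [(ip, port) for ip, port in out if ip and port]  # port 0 = stream declined

class PinholeTable:
    """Dynamic UDP pinholes keyed by Call-ID: opened from SDP, closed on BYE."""
    def __init__(self):
        self.open = {}

    def handle(self, msg):
        start, headers, body = parse_sip(msg)
        call_id = headers.get("call-id")
        if start.startswith("BYE "):
            self.open.pop(call_id, None)  # call ended: close its ports
        elif start.startswith(("INVITE ", "SIP/2.0 200")):
            holes = self.open.setdefault(call_id, set())
            for ip, port in sdp_media(body):
                holes.update({(ip, port), (ip, port + 1)})  # RTP and RTCP (port + 1)
        return sorted(self.open.get(call_id, ()))

def sip(start, call_id, sdp=()):
    """Build a constructed, minimal SIP message for the demonstration."""
    head = "\r\n".join([start, f"Call-ID: {call_id}", "Content-Type: application/sdp"])
    return head + "\r\n\r\n" + "\r\n".join(sdp)

# Constructed sample dialog using documentation address ranges.
INVITE = sip("INVITE sip:100@example.invalid SIP/2.0", "demo-1",
             ["v=0", "c=IN IP4 198.51.100.10", "m=audio 40000 RTP/AVP 0 8"])
OK = sip("SIP/2.0 200 OK", "demo-1",
         ["v=0", "c=IN IP4 192.0.2.20", "m=audio 16384 RTP/AVP 0"])
BYE = sip("BYE sip:100@example.invalid SIP/2.0", "demo-1")
```

Feeding `INVITE`, `OK` and `BYE` to one `PinholeTable` in that order shows the open set growing to four UDP ports for the call and dropping back to none, in contrast to a static rule that would leave a whole RTP port range open permanently.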
