Cisco phones not registering with the SIP server after upgrade from Cyberoam to Sophos OS



I have a Cyberoam firewall which i recently upgraded its firmware from Cyberoam firmware to Sophos firmware. After my upgrade, the Cisco phones couldn't register to the SIP server located at a remote location.

I have done every configurations and check all the rules, they seem Okay but the IP phones are not just connecting to the SIP server

Is there a particular port Cisco phones use to communicate with the SIP server which i have to allow? Or has anyone experienced this before?


Awaiting kind response.

  • Hi,

    please log a fault because you appear to be a business customer.

    Also please check this thread for short term answers.


  • In reply to rfcat_vk:

    Also try to unload / reload the SIP Helper.

  • In reply to LuCar Toni:

    Hello, I have unload and reload the SIP helper but still same. 

    Please note that the Polycom IP phones on the network are good. But the issue we are having is with the Cisco phones.

    I dont know if Cisco phones work on any particular port which i have to allow.. Just asking...

  • In reply to David Ibegbu:

    We cannot give you any information about cisco phones. Maybe you look up the manual for the Cisco phones for such kind of information. 

    As far as i can assume, maybe you need to have a firewall policy for the phones. 

  • In reply to David Ibegbu:


    I think that somemething is interfering on SIP/RTP traffic.

    1 - Is there an IPS policy enabled on the firewall rules created for traffic between those networks ?

    2 - Is UDP flood enabled under Intrusion Prevention? (This is global).

    3 - Try to disable MicroApp discovery. If it is already off, please try turning on and off again with the following commands from the console:

    - console> system application_classification microapp-discovery show
    - console> system application_classification microapp-discovery on
    - console> system application_classification microapp-discovery off

    4. Last year I had a similar problem that was resolved by disabling two IPS features with the commands below:

    - console> set ips sip_ignore_call_channel disable

    - console> set ips sip_preproc disable

    I hope it helps.


  • Cisco phones need the TFTP server address for downloading the config files during boot. The address to the TFTP is provided by the DHCP server under option 150.  Make sure your DHCP server is delivering this to the phones. You may need to configure a helper address on the XG if the DHCP server is remote.