Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

3CX server behind XG incoming call issues

Hello, 

 

I am having issues with incoming calls on 3CX behind a Sophos XG firewall. Sometimes incoming calls will connect after 10+ seconds and sometimes they won't at all. This previously ran behind a Pfsense firewall without issue, so I know it is related to the XG. When I run the firewall check on 3CX I get “full cone test failed” on the SIP port, tunnel port and media (9000+) ports. Outbound calls work fine. Tech support from Sophos tried several steps to diagnose and fix the issue without luck.

 

On the Sophos XG I have:

 

  • Disabled the SIP module
  • Modified the UDP timeout value to 150
  • Have forwarding rules for SIP, Tunnel, Management and Media ports.
  • Outbound rule for the 3CX server with Rewrite source address enabled. Use outbound address is SourceNAT which is the same IP address as the incoming rules.

 

Any ideas what could be causing the issue?



This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember

    Hi toxrae,


    Apologies for the inconvenience caused. Could you please PM me the support case number? I will followup on that case and update you with my findings. 

    I would also like to know if you have DoS Protection configured under PROTECT > Intrusion Prevention > DoS & Spoof Protection? 

    Thanks,

     

Reply
  • FormerMember
    0 FormerMember

    Hi toxrae,


    Apologies for the inconvenience caused. Could you please PM me the support case number? I will followup on that case and update you with my findings. 

    I would also like to know if you have DoS Protection configured under PROTECT > Intrusion Prevention > DoS & Spoof Protection? 

    Thanks,

     

Children
  • PM sent.

    I have the 3CX server passing their Firewall Check by removing GEOIP filtering. I assume they try to test the 3CX server from a country I had blocked. The incoming call issue is still there though. I have tried another SIP provider and have that issue with them as well. 

    I'm not sure about that specific setting so I have attached screenshots from DoS & spoof protection. 

     

  • FormerMember
    0 FormerMember in reply to toxrae

    Hi toxrae,

    Thanks for providing the case number, I will look into it and followup. Also thank you for the screenshot, you do not have DoS protection configured so it is not the issue in your case. 

    Thanks,