Hello,we have a problem with the transmission of the voice on our IP telephones between the XG and the SD-RED 20.The connection can be established (it rings and you can pick up the receiver), but nothing can be heard.The RED is located in the network 192.168.150.0/24The XG in the network 192.168.130.0/24.The telephone system has the 192.168.130.251.Otherwise all traffic between the XG and the RED works.Do any routes have to be set here in addition to the firewall roles?Thank you very much and best regards ...Martin
Assuming you have kept RED in the VPN zone.
In this case, you just need VPN to LAN firewall rule to communicate between Sophos Firewall local network: 192.168.130.0/24) and RED network: 192.168.150.0/…
Additive:The connection to the "wired" telephones works. Only the connection to the telephones, which are connected via VPN, does not work.
Hi Admin TSK,
Thanks for reaching out, and welcome to the Sophos Community!
What is the configured RED deployment mode?
Have you configured DoS protection or IPS on the firewall rules for the RED network?
Community Support Engineer | Sophos Technical SupportSupport Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts If a post solves your question use the 'Verify Answer' button.
the RED deployment mode is "Standard/Unified".
I have no DoS or IPS configured for the RED firewall rules.
Many thanks Martin
Admin TSK said:The connection can be established (it rings and you can pick up the receiver), but nothing can be heard.
Is issue reported with one-way communication or two-way communication?
Is there any SNAT applied on the firewall rule configured to allow communication between the RED network(192.168.150.0/24) and XG local network(192.168.130.0/24)?
Also, please check if SIP is loaded or not.
Login to SSH > 4. Device Console
console> system system_modules show
Hello Yash Kothari,I have logged into the console. SIP is activated.I don't understand that with the SNAt or I don't have instructions for the XG 18.5. Does SNAT have to be set?
Hello,I ask the question a little differently. How do I get the RED network (192.168.150.0/24) to reach the VPN network (22.214.171.124/24). There does not seem to be any communication between these two networks. A ping is not possible, for example.Best wishesMArtin
Can anyone help me with this problem?
In this case, you just need VPN to LAN firewall rule to communicate between Sophos Firewall local network: 192.168.130.0/24) and RED network: 192.168.150.0/24
If it's in the LAN zone, then a firewall rule needs to be configured with LAN as a source and destination zone.
Please take the packet capture by following the below steps:
==> Navigate to Diagnostics > Packet capture
==> Use BPF string: host 192.168.150.x and proto ICMP
Here, 192.168.150.x is an IP address of the source machine from where you're checking ICMP(ping).
==> Start the capture and initiate a ping from the RED network machine.
This would confirm whether traffic from the RED network hits on Sophos Firewall or not.
I have to explain it a little differently again.From the LAN (192.168.130.0) I can get into the RED network (192.168.140.0) without any problems.My problem is that I cannot get into the RED network from the VPN network (126.96.36.199).With a ping to 192.168.150.101, for example, "Response from 188.8.131.52: Target network cannot be reached."However, I do not know this IP.I have set up a firewall rule VPN - RED / RED - VPN.However, this has not yet resulted in success.Can you help me here?Best wishesMartin
Which VPN are you using?
Could you please also post a snapshot of the RED interface configuration?
It would be great if you can share a rough network diagram.
Hello,I have attached my RED config. Unfortunately I don't have a network diagram. But it's nothing great.I have a1. LAN: 192.168.130.0/242. VPN: 184.108.40.206/24 - Sophos Connect3. RED: 192.168.150.0/24Everything works between LAN and VPN / REDNot between VPN and RED.He just doesn't know the route from 220.127.116.11 to 192.168.130.0.Best wishesMartin
Request to follow the steps below to check packet flow:
==> Go to Diagnostics > Packet capture
==> Enter BPF string: host 192.168.150.101 and proto ICMP
==> Start a ping to 192.168.150.101 from VPN network 18.104.22.168/24 and share packet capture snapshot.
if I set this and execute a ping nothing happens ...
Start packet capture with BPF string: host 192.168.150.101 and proto ICMP as shown below.
Then, ping to 192.168.150.101 from VPN network 22.214.171.124/24 and share packet capture output.
Ok... i have do this...
The result is... no entries...
We have a second RED, with IP 192.168.140.0/24A PC behind it has the IP 192.168.140.103The two networks simply cannot seem to see each other.
Which VPN are you connecting to? Is it remote access VPN or site to site?
Please take packet capture on IP address to which you're testing ping connectivity.
eg: host 192.168.150.101 and proto ICMP
host 192.168.140.103 and proto ICMP
We use the Sophos Connect client.When I send the ping from the RED network, the following appears in the log ...
When I send the ping from the VPN network and change the host to 172.168 ... nothing appears in the log ...
Can you help me?
I just installed a RED device yesterday for a client, the scenario you described above was exactly the same issue I had. The RED network could communicate with the client's PBX, I could ping the PBX, the phone would register & ring but no audio.
in my case... After some diag's and packet sniffing, the issue wasn't with the RED/XG, it was the PBX. I had to enter in the subnet of the RED device as an internal network in the PBX config.
Just a thought... could be same issue. Check your PBX.
In my case this client uses a FortiVoice PBX, and this setting was under Phone System - Advanced Settings - SIP - Advanced Setting - Internal Network.