Silent Audio Calls

Thanks Emmanuel , I'll give feedback once I'm able o do this , please bear with as I will need test windows to do this , which is not easy to get 

Hi @rfcat_vk ssl/tls was already disabled , still no change .... sophos support is also quite horrible they respond once a week.

Hi Manuel DoS & Spoof protection was already disabled , I'm yet to try the drop packet capture as I havent been able to get the firewall back to production since the call center runs 24/7. Getting a test window is a bit hectic , I'll respond once I'm able to do this

hello guys anything else you guys can suggest , its really frustrating and final piece of the puzzle in my deployment. Support from Sophos is horrible as they reply to my emails once a week.

When I've had this happen (admittedly only for external calls) doing a TCPDUMP from the CLI will show you what's going on. The SIP packets are easy to understand and you'll be able to see the endpoints and ports in the call setup. If you have a LAN to LAN rule in place then I'd have expected that to be ok, the RTP stream should be phone to phone directly but again, the contents of the call setup will show you wants going on.

Hello David,

Sorry to hear you’re having issues with Support, share your Case ID so I can leave a note in the case.

Regards,

you know the funny thing is external calls are working I can call my cell phone and media is flowing both ways , My cell phone can ring an extension and media flows both ways. An externally registered extension (meaning the extension is remote and registers to the pbx using public IP) can ring an internall extension but media is one way. internal calls dont work at all. This i the greatest mystery ever. Some internal phones are deskphones (on voice vlan) and some are softphones (on data vlan). Whatever the test scenario internal extension to extension the call will go through but media will not , it will just be silent

Hi David,

Are you using Cisco phones by chance and/or using Cisco voice gateways in your network?    I've had this issues in the past but with remote sites and their use of Voice gateways before and experienced some of the same issues. 

Also...

If these vlans are solely for voice traffic you may want to try the big hammer approach which is bypassing stateful firewall inspection between the PBX and voice networks.  If this works, it could be quite possible you have asymmetric routing going on inside your network.

from the console cli  (option  #4 I think) look into bypassing the networks:

set advanced-firewall bypass-stateful-firewall-config add source_network  YOURVOICENET source_netmask YOURvoice_NETMASK dest_network YOUR_PBXNET dest_netmask YOURPBX_NETMASK  

and then repeat the rule for the traffic going in the opposite direction.    FROMPBXNET --> VOICENET  . So  you'll have two rules for each set of networks you need to bypass firewall inspection on.

Give that a try...

Once again this is the big hammer approach and basically turns off firewall features  for the networks you specify in the rule so that the Sophos is simply routing traffic between those networks - this means you wont see any traffic on those firewall rules you setup in the GUI  after this point. 

If this works somewhere you have traffic going down the pipe in one direction and coming back a slightly different way (weird route  someplace etc)

Good Luck!

-Scott

Hi so when I drop-packet-capture 'host PHONE_IP_ADDRESS'  I'm seeing a very weird scenario. When I place the call there's nothing on the output but when I pick the call I see a lot activity on the packet capture. So does this mean SIP is just going via the switch but RTP is somehow being forced through the firewall?

Hi Scott , I have done as you suggested (Set BypassFirewall) and the problem still persists. for testing purposes when  I return the initial cyberoam firewall that was in place it works perfectly something is really not making sense here.