Hello all,I use a Fritzbox behind the XG with PhonerLite or LinPhone as SIP client. My provider is 1&1.Unfortunately, I have noticed that the SIP module crashes after a short time and that I only hear the ringing on new calls, but not the person I am talking to.I have now searched through the logs and found that the telephony works until I find the following in the log:localhost kernel: [266259.312048] ip_nat_sip_expected: doing self nating: <22.214.171.124>localhost kernel: [266261.783797] ip_nat_sip_expected: doing self nating: <126.96.36.199>Does anyone have any idea what the problem is here?
Kindly disable the UDP Flood from the DoS & spoof protection or bypass SIP Communication ports (TCPor UDP) from DOS bypass rules. Navigate to Administrator > >Intrusion prevention >> DoS & spoof protectionhttps://docs.sophos.com/nsg/sophos-firewall/18.0/Help/en-us/webhelp/onlinehelp/nsg/sfos/concepts/IPSDoSAndSpoofProtection.html
For more information about "Sophos Firewall: Turn on or off the Session Initiation Protocol (SIP) module", please check this link also : https://support.sophos.com/support/s/article/KB-000035917
Hope this helps!
Thank & Regards,
If a post solves your question, use the 'Verify Answer' link.
Hello NM_1987 ,Here is a screenshot of the overview page:
It doesn't look like something is being blocked.This is the current configuration:
If I understand correctly, spoof protection is disabled and nothing has been blocked in DoS.Or am I misunderstanding this?
Looks good, now please provide an expanded screenshot of your voip firewall rule.
XG115W - v19.5 GA - Home
Test machine - Asus P10S-i E3-1225v5, 6gb, 4 intel NICs, v19.5 GA
If a post solves your question please use the 'Verify Answer' button.
I don't have such a rule yet, because telephony always works after reloading the sip module.
rfcat_vk How should this rule look like?
No idea? What about the voip firewall rule, how should this rule look like?
My version is something like this
lan, voip network, wan, voip provider servers network address, any service. Application voip, ips lan to wan or configure your own.
you can refine the any service to your tcp/udp ports after a day of so of data to improve security.
Currently I have everything very open for the LAN and there is only one outgoing rule. Therefore, the proposed rule should be covered by the default.Here is this rule:
Or is there something I am missing here?
I would make a voip policy that does not use the dpi function.
I have now deactivated everything as a test. Nevertheless, it does not work.
Thank you for trying. What does logviewer show for the attempts?ian