sip phone issues behind XG

I've recently moved around 40 VOIP phones onto an XG 220 firewall. They were on an old Peplink separate from the data LAN until the Peplink died. The phones are on a separate network and plug into their own network port. I created a zone named VOIP for them.  The phones are hosted by an outside carrier.

They are experiencing some SIP issues. The phones won't stay registered unless I set their re-registration period to a very short interval (60 seconds), and even that doesn't always work and they have to be rebooted. Inbound caller ID is no longer showing.

They're using the #default_network_policy firewall rule. I added the VOIP zone to the source list. Intrusion protection is set to "lantowan_general". Traffic shaping policy, web policy, and application control have been tried at none but no difference. NAT is set to masquerading.

The SIP and H323 ALG's have been unloaded. The UDP timeout stream is set to 150.

What else can I do?

Added TAGs
[edited by: emmosophos at 11:42 PM (GMT -7) on 14 Sep 2021]