sip phone issues behind XG

I've recently moved around 40 VOIP phones onto an XG 220 firewall. They were on an old Peplink separate from the data LAN until the Peplink died. The phones are on a separate network and plug into their own network port. I created a zone named VOIP for them.  The phones are hosted by an outside carrier.

They are experiencing some SIP issues. The phones won't stay registered unless I set their re-registration period to a very short interval (60 seconds), and even that doesn't always work and they have to be rebooted. Inbound caller ID is no longer showing.

They're using the #default_network_policy firewall rule. I added the VOIP zone to the source list. Intrusion protection is set to "lantowan_general". Traffic shaping policy, web policy, and application control have been tried at none but no difference. NAT is set to masquerading.

The SIP and H323 ALG's have been unloaded. The UDP timeout stream is set to 150.

What else can I do?

Added TAGs
[edited by: emmosophos at 11:42 PM (GMT -7) on 14 Sep 2021]
Parents Reply
  • I setup a VoIP policy for my VoIP phones to use in the application field. I have a tuned IPS signature policy all on a firewall rule the allows SIP, SSIP, TCP SIP and mix of TCP and UDP ports that the phones use to initiate the connections.


    V18.5.x - e3-1225v5 6gb ram with 4 ports - 20w. 
    If a post solves your question use the 'This helped me' link.
No Data