SIP Traffic Dropped to Commander.com.au

Yes, but how does that guarantee the VoIP service bandwidth especially under a network heavy load?

I would suggest you need to create a QOS policy for your firewall rule covering the VoIP traffic so that the XG knows what to limit and provide a minimum specific bandwidth for voice services.

Ian

One customer was sorted.  SIP locked to ordinary WWAN service.  Moved to NBN.  Issue resolved.  Previously this had on premise server that has to Azure.  46 rules on router, 36 unused.  Cleaned up rules.  Moved SIP to primary NBN.  No issues. 

1st Customer update:  Customer has gone with Draytec option as Commander blames the Sophos Router for the issue.  Customer is now reporting a second of the six routers with the issue.  Raised another ticket. 

I now have complaint about Sophos Routes not talking with Commander.com from a third customer.  SIP traffic appears fine.  Phones are crackly and drop. To me this is an application issue.  I have logs.  Raising another ticket.

Out of curiosity, what model XGs are you using and having issues with?
ian

THe router, where customer is replacing the Sophos with Draytec is a XGS126 (SFOS 18.5.1 MR-1-Build326)

The same customer has the indeical issue on another router.  So 2 X XGS126 (SFOS 18.5.1 MR-1-Build326)

Another customer, a clothing company, had the issue, but that appeared to be a legacy config and link generated issue and I was able to remediate that one.  It was a XG135 (SFOS 18.5.1 MR-1-Build326)

The medical clinc, whose config has not changed in months, is a XGS126 (SFOS 18.5.0 GA-Build289)

Not all the same firmware, not all the same hardware.  I caant belive I have a phone company dictating network devices, it should be the other way around.  No matter what change I make, there is not change.

To me this is an appllication resilance issue in the Commander Hosted PBX, not a Sophos issue.  I do see the one customer removing all the Sophos Gear with Draytec as there is not solution and everyone in convinvec it is a Sophos Problem.  Getting Sophos to take more notice or some other advice is also frustrating.  Thus I post the fact here and update the exisitng tickets.

Thank you for those details. I would suspect the the xgs126 are not offloading the voip traffic correctly, but will require a XG support wizkid to sort out.

ian

XG125 (SFOS 18.5.1 MR-1-Build326)

 A 5th Router now has the issue, a fourth customer, same Commander SIP Trunk.  Sip Traffic interrupted.  This customer is a pump supplier.  SIP is working only 1 way.  Customer on phone with Commander troubleshooting the issue. 

SIP unloaded console> system system_modules sip unload -- worked fine initially

Have adjusted MTU - no change Ping fragment test indicated 1472, no change.

Had adjusted UDP Stream Timeout -- 90-120-158=0-180  no change

SIP Type: set ips sip_preproc disable AND Type: set vpn conn-remove-tunnel-up disable -- Change on one site that had IPSEC VPN.  This bit did work.  Only on the 1 site.

set ips ac_atp exception fwrules 1,2 No Change

Admin, please lock this tread ASAP

Closing all tickets.  4/5 of issues was caused by the issues unrelated to Sophos. Legal (metaphors) prevent me from the full detail of the facts, so I simply provide guidance.

1 issue was a link issue that was corrected by putting phone traffic on NBN rather than poor quality, known issue fixed WIFI link. -- that one is on me. Fixed.

4 other issues were related other issues.

NON SOPHOS RELATED ISSUES

As general advice about assumptions:  May or may not be related to these cases.  There are a few things in terms of poor troubleshooting and networking knowledge may play a hand.  I.E. incorrect reporting of connection methods and technologies (F2NODE,F2CURB, F2P), assuming if Sophos is involved it is a Sophos issue because of the other site having a Sophos Issue, and assumption if an error is reported, it is not the phone system.  Get all the basic facts first.  Dont assume, confirm.

Facts about the cases I reported.  I rang Sophos and inquired on how many open SIP related tickets were in Australia.  I was informed that I was about the only person reporting cases (that he could see).

Note: The Sophos Firewall XGS issues and bugfix register does not have a known SIP issue mentioned, nor ready for a fix.  If the phone can connect and it is a SIP trunk of poor performance, rule out every other item before suggesting a router (beyond the supported adjustments and SIP trunk recommendations). A SIP on a Sophos XGS is possible but has the facility to adjust and remediate. If that makes no difference, then something else, not your XGS, is involved.

As general advice, which may or may not be reported with these cases.  If there are no dropped packets on SIP, the issue is mostly likely in the "Application Layer” or related to hardware not seen by the router.  These other items may include: a misconfigured SIP trunk by your phone company, a half migrated NBN service and new source IP address is not registered in your hosted PABX, or you have faulty handset (or more).

Please lock this tread as it is falsely putting forward a Sophos issue.  It was not Sophos related.