This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

3cx Phonesystem - Some problems

Hello all,

I have a problem with the 3cx system at my company. I switched from a Sophos SG to the XGS (UTM210 to XGS2100).

The telephony works partly wonderful, but partly not.

I first have a DNAT rule that says that all required ports for the 3cx are released on an additional IP address on the WAN interface. The access to the 3cx works fine from the outside.
Otherwise the 3cx has an Any rule without filter in the direction of the WAN. I have attached screenshots.

Now it is unfortunately so that for inexplicable reasons between through calls become one-sided, or break off completely. The SIP trunk is not disconnected and no re-registration is performed. In the log I can not see what is blocked or dropped. I have also assigned the profile "VoIP Guarantee" to the 3cx, so that the system has guaranteed bandwidths and is not throttled. IPS and ATP (Advanced Protection) are also turned off or the 3cx phone system is excluded.

SIP ALG is also turned off and the UDP Time-Out Time is set to 150ms.

The system version I have is SFOS 19.0.0 GA-Build317.

This thread was automatically locked due to age.
  • Hi,

    have you tried to create a linked SNAT Rule for your outgoing Firewall rule? 



  • Hi,

    yes, I have already done that too. As a result, the error message -> not reachable appeared in the firewall checker.

    If I remove the SNAT rule or deactivate it, I get "full cone test failed" again, although the DNAT rule is created accordingly. Accordingly, the calls are unfortunately not stable.

  • Hi Philipp Junker 

    Packet capture and pcap will help you to investigate the issue between your IP Phone and Voice Server

    Please share the pcap file from the Voice server and from your IP Phone 

    From Sophos Firewall please check the traffic flow with help of packet capture 

    Please go to MONITOR & ANALYZE-->Diagnostics-->Packet Capture Click on Configure and add host <destination IP>  start the packet capture

    Share the packet you have taken from GUI

    From CLI check the tcpdump as well drop a packet 

    console>tcpdump 'host <destination IP> 

    console>drop-packet-capture 'host <destination IP>

    Thanks and regards 

    "Sophos Partner: InfrassistTechnologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.