Allow Port in Sophos Firewall

Hi Everyone,

I am new to Sophos firewall and I don't know much about this. Can anyone tell me how to allow the following ports in Sophos XG135 (C1B0Cxxxxxxxxxx)?

CLOUC uses the following Ports
HTTP, HTTPS and 9443 for the web console
5060 and 5061 TCP for SIP
5060 UDP for STUN

and UDP 49152 to 65535 for RTP

CLOUC Is hosted at the following IP addresses
103.21.158.56/29 (Primary site)
27.50.73.112/29 (Secondary Site)

COUC Uses the following IP and ports for Firmware updates
Cloudflare
162.159.200.123/32
123 UDP for NTP



  • Hi Prasad Prasad

    Try with a destination-based firewall rule and add the services on the same rule.

    Regards

    "Sophos Partner: Networkkings Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • Hi,

    You create a firewall rule - zone LAN, network - LAN, destination zone WAN, destination networks (create an IP network for each address range) the created address range names, services select those that you can from the drop-down lists, and you might need to create your own service for the RTP range. And finally allow:

    web - Allow - use proxy

    applications - allow all

    IPS - LAN to WAN

    This will get you started; you might need to refine some of the web as not being required, and the same with the applications.

    Finally there are KBAs with details to help setup similar scenarios.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

  • Hi rfcat_vk ,

    Thanks for your suggestion. What about the last line, which says "COUC Uses the following IP and ports for Firmware updates
    Cloudflare
    162.159.200.123/32
    123 UDP for NTP"

  • Those ports are all covered by your "ANY" in services.

    Add the address to your destination networks.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

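The rule discussed in this thread, modelled in Python as an added example (not part of the thread and not Sophos configuration syntax): it checks constructed LAN-to-WAN flows against the destination networks and services listed in the question, and shows beside each result what an "ANY" service selection on the same destinations would pass. The object names are hypothetical, and HTTP/HTTPS on TCP 80/443 and TCP for port 9443 are assumptions.

```python
import ipaddress

VOICE_PORTS = [             # (protocol, first port, last port), from the question
    ("tcp", 80, 80),        # HTTP (standard port assumed)
    ("tcp", 443, 443),      # HTTPS (standard port assumed)
    ("tcp", 9443, 9443),    # web console (TCP assumed)
    ("tcp", 5060, 5061),    # SIP
    ("udp", 5060, 5060),    # STUN
    ("udp", 49152, 65535),  # RTP
]
NTP_PORTS = [("udp", 123, 123)]

# One entry per destination network object; the names are hypothetical.
RULES = [
    ("primary-site", ipaddress.ip_network("103.21.158.56/29"), VOICE_PORTS),
    ("secondary-site", ipaddress.ip_network("27.50.73.112/29"), VOICE_PORTS),
    ("firmware-ntp", ipaddress.ip_network("162.159.200.123/32"), NTP_PORTS),
]

def match(proto, dst_ip, dst_port, any_service=False):
    """Return the name of the destination object that permits the flow, else None."""
    addr = ipaddress.ip_address(dst_ip)
    for name, net, ports in RULES:
        if addr not in net:
            continue
        if any_service:      # service set to "ANY": only the address is checked
            return name
        for p, lo, hi in ports:
            if p == proto.lower() and lo <= dst_port <= hi:
                return name
    return None

# Constructed sample flows (not captured traffic).
FLOWS = [
    ("tcp", "103.21.158.58", 5061),
    ("udp", "27.50.73.119", 50000),
    ("udp", "162.159.200.123", 123),
    ("tcp", "103.21.158.58", 22),    # address in range, port not on the list
    ("udp", "103.21.158.64", 5060),  # one address past the end of the /29
]

def report(flows):
    """For each flow: (flow, match with listed services, match with ANY service)."""
    return [(f, match(*f), match(*f, any_service=True)) for f in flows]

if __name__ == "__main__":
    for flow, strict, loose in report(FLOWS):
        print(flow, "| listed services:", strict, "| ANY service:", loose)
```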