Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 5 subscribers
  • Views 3061 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos 110 UTM 9.6 VoIP/SIP Traffic to sipgate.de always "Default DROP UDP ... ", why? But no rule defined in Firewall for SIP.

Si Tso

Hi all,

I have a really weird problem ... 

My Settings:

  • SOPHOS 110/120/100, rev. 5
    • Network Protection -> VoIP
      • SIP Server Networks:    sipgate.de
      • SIP Clients Networks:    Fritzbox 7170 
    • Network Protection -> H.323
      • H323 Gatekeeper:    sipgate.de
      • H323 Client:    Fritzbox 7170

Phones settings

All phones are connected to the fritzbox and they all can call each other

My Network

  • IPphone1 (192.168.0.130) --> Fritzbox 7170 (192.168.0.10) --> Sophos UTM Internal Network LAN (192.168.0.3) --> Sophos External Network WAN (192.168.0.2) --> Cable Modem (192.168.0.1)
  • IPphone2 (192.168.0.131) --> Fritzbox 7170 (192.168.0.10) --> Sophos UTM Internal Network LAN  (192.168.0.3) --> Sophos External Network WAN (192.168.0.2) -->  Cable Modem (192.168.0.1) 
  • IPphone3 (192.168.0.122) --> Fritzbox 7170 (192.168.0.10) --> Sophos UTM  Internal Network LAN (192.168.0.3) --> Sophos External Network WAN (192.168.0.2) --> Cable Modem (192.168.0.1)

Phones can call each other, but outbound and inbound calls do not work.

When I look into live window from the  firewall, I get the following:

00:09:02 Default DROP UDP 192.168.0.132 : 1030  → 185.134.197.4 : 123   len=76 ttl=62 tos=0x00 srcmac=00:15:0c:b9:2e:da dstmac=00:1a:8c:14:8c:c4
00:09:02 Default DROP UDP 192.168.0.10  : 5060  → 217.10.68.152 : 10000 len=56 ttl=63 tos=0x00 srcmac=00:15:0c:b9:2e:da dstmac=00:1a:8c:14:8c:c4
00:09:04 Default DROP UDP 192.168.0.131 : 40033 → 90.187.19.113 : 123   len=76 ttl=62 tos=0x00 srcmac=00:15:0c:b9:2e:da dstmac=00:1a:8c:14:8c:c4
00:09:04 Default DROP UDP 192.168.0.132 : 1030  → 5.103.139.163 : 123   len=76 ttl=62 tos=0x00 srcmac=00:15:0c:b9:2e:da dstmac=00:1a:8c:14:8c:c4
00:09:05 Default DROP UDP 192.168.0.10  : 5060  → 217.10.68.152 : 10000 len=56 ttl=63 tos=0x00 srcmac=00:15:0c:b9:2e:da dstmac=00:1a:8c:14:8c:c4
00:09:08 Default DROP UDP 192.168.0.131 : 57318 → 185.134.197.4 : 123   len=76 ttl=62 tos=0x00 srcmac=00:15:0c:b9:2e:da dstmac=00:1a:8c:14:8c:c4
00:09:08 Default DROP UDP 192.168.0.132 : 1030  → 46.227.200.24 : 123   len=76 ttl=62 tos=0x00 srcmac=00:15:0c:b9:2e:da dstmac=00:1a:8c:14:8c:c4
00:09:09 Default DROP UDP 192.168.0.131 : 47787 → 46.227.200.24 : 123   len=76 ttl=62 tos=0x00 srcmac=00:15:0c:b9:2e:da dstmac=00:1a:8c:14:8c:c4
00:09:09 Default DROP UDP 192.168.0.132 : 1030  → 185.134.197.4 : 123   len=76 ttl=62 tos=0x00 srcmac=00:15:0c:b9:2e:da dstmac=00:1a:8c:14:8c:c4
00:09:09 Default DROP UDP 192.168.0.10  : 5060  → 217.10.68.152 : 10000 len=56 ttl=63 tos=0x00 srcmac=00:15:0c:b9:2e:da dstmac=00:1a:8c:14:8c:c4
00:09:10 Default DROP UDP 192.168.0.131 : 36717 → 5.103.139.163 : 123   len=76 ttl=62 tos=0x00 srcmac=00:15:0c:b9:2e:da dstmac=00:1a:8c:14:8c:c4
00:09:10 Default DROP UDP 192.168.0.132 : 1030  → 5.103.139.163 : 123   len=76 ttl=62 tos=0x00 srcmac=00:15:0c:b9:2e:da dstmac=00:1a:8c:14:8c:c4
00:09:11 Default DROP UDP 192.168.0.131 : 49787 → 176.9.9.197   : 123   len=76 ttl=62 tos=0x00 srcmac=00:15:0c:b9:2e:da dstmac=00:1a:8c:14:8c:c4
00:09:11 Default DROP UDP 192.168.0.132 : 1030  → 46.227.200.24 : 123   len=76 ttl=62 tos=0x00 srcmac=00:15:0c:b9:2e:da dstmac=00:1a:8c:14:8c:c4
00:09:12 Default DROP UDP 192.168.0.131 : 41692 → 178.63.9.110  : 123   len=76 ttl=62 tos=0x00 srcmac=00:15:0c:b9:2e:da dstmac=00:1a:8c:14:8c:c4
00:09:12 Default DROP UDP 192.168.0.132 : 1030  → 185.134.197.4 : 123   len=76 ttl=62 tos=0x00 srcmac=00:15:0c:b9:2e:da dstmac=00:1a:8c:14:8c:c4
00:09:13 Default DROP UDP 192.168.0.131 : 53473 → 90.187.7.5    : 123   len=76 ttl=62 tos=0x00 srcmac=00:15:0c:b9:2e:da dstmac=00:1a:8c:14:8c:c4

The documentation of the fierwall says, that if I correctly fill the fields under:

  • "Network protection -> VoIP ->SIP"

and

  • "Network protection -> VoIP -> H3.23"

there is no need for extra rules in the firewall.

Nevertheless, I tried it with separate firewall rules:

  • Fritzbox <-- Any --> Sipgate

But no different result.

What I am I missing or doing wrong?

Any herlp highly appreciated!

:-)



This thread was automatically locked due to age.
Parents
  • 0

    Hallo and welcome to the UTM Community!

    Please show a picture of your Interface definitions and one of 'Allowed Networks' in 'Network Services >> NTP'.

    Alone among the logs, the Firewall Live Log presents abbreviated information in a format easier to read quickly.  Usually, you can't troubleshoot without looking at the corresponding line from the full Firewall log file.  Please post two lines corresponding to the first two in your opening post above.

    Do you learn anything from doing #1 in Rulz?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    H

    i Bob,
     
    I will have a look at the "Rulz" [1] and will reply later.
    =)
     
    [1]
    Do you learn anything from doing #1 in Rulz?
Reply Children
No Data
Unfiltered HTML