Sophos SG210 (previously working) & VOIP system firmware upgrade results in us unable to hear random calls dialling in

I realise i should probably looking to the VOIP phone support people, believe me i am on it, but after a recent firmware upgrade of an LG iPECS system what was previously working fine now works intermittently throuhg our Sophos SG UTM. Callers can't be heard when they ring through, but not on all all calls, some are fine. when testing if i consistently keep trying, voice will eventually come through in both directions.

Our system previously relied on firewall rules and NAT, we had more immediate success going down this route originally rather than the VOIP module which was tried at the time, and since it was been working the firewall settings have very much been left alone over the years.

Since the phone system's firmware was upgraded (we needed to to add more extension licenses apparently) and we've had this issue I have searched the forums and tried various things.. i think i need to rewind and start again.

I'm not getting any specific DROP in real-time firewall logs i can see to think to open things up further, even the full logs don't seem to suggest anything different to me, though I'm a one man band in an SMB an not much of an expert.

Any advice on where i should start trouble shooting from scratch?

Thank you!

Parents
  • Oh - one more thing may help understand our issue, if we ring out calls are successful both ways, but its if we're called we have the issue. thought it may give you more understanding or give me further suggestions to pass on to our phone support people

Reply
  • Oh - one more thing may help understand our issue, if we ring out calls are successful both ways, but its if we're called we have the issue. thought it may give you more understanding or give me further suggestions to pass on to our phone support people

Children
  • What do you learn from doing #1 in Rulz (last updated 2021-02-16)?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • hi thanks for chipping in - we get occasional RTCP Default Drop in the logs for ports we have defined open from external SIP to our external WAN address. I've had ANY and the specific port ranges added, or even both at the same time out of desperation for the SIP desitnation and our phone system, and vice versa.

    We have a NAT rule for SIP, do we need one for the voice channel ports?

    (I'm struggling with what I can see and coordinate as happening in realtime logs as you don't seem to be able to filter multiple destination easily. is there a good way to remove the noise of all other activity? The full logs seem to take a while to show events i've just monitored after the event when you download them - i would admit i'm probably doing it wrong lol)

    We've tested disabling UDP Flood Protection and TCP SYN. The phone's network is not listed under the main Intrusion Protection tab either. This hasn't helped and still off at the moment.

    One thing that i was wondering was, our phone support guy says he has configured the phone system to listen to our external IP address, but should the phone system (which is on it's own subnet witht the phones) be told to point to/listen on the network's gateway address?

  • We would need to see the lines from the log, but we would also need to see pics of the Edits of the relevant configurations.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • What's the best way to extract info from the logs when you're trying to trace three different interdependant devices?

  • we think issues was this so far - https://community.sophos.com/utm-firewall/f/network-protection-firewall-nat-qos-ips/40331/persistent-change-of-ip_conntrack_udp_timeout applied updated UDP settings and calls more stable - there is no way i could have seen that in the logs i'm aware of.. just guesswork asking colleagues questions, lightbulbs going off leading us here.