I am having issues with incoming calls on 3CX behind a Sophos XG firewall. Sometimes incoming calls will connect after 10+ seconds and sometimes they won't at all. This previously ran behind a pfSense firewall without issue, so I know it is related to the XG. When I run the firewall check on 3CX I get “full cone test failed” on the SIP port, tunnel port and media (9000+) ports. Outbound calls work fine. Tech support from Sophos tried several steps to diagnose and fix the issue without luck.
On the Sophos XG I have:
Any ideas what could be causing the issue?
Apologies for the inconvenience caused. Could you please PM me the support case number? I will follow up on that case and update you with my findings.
I would also like to know if you have DoS Protection configured under PROTECT > Intrusion Prevention > DoS & Spoof Protection?
Community Support Engineer, Support & Services | Sophos Support
I have the 3CX server passing their Firewall Check by removing GEOIP filtering. I assume they try to test the 3CX server from a country I had blocked. The incoming call issue is still there though. I have tried another SIP provider and have that issue with them as well.
I'm not sure about that specific setting so I have attached screenshots from DoS & spoof protection.
Thanks for providing the case number, I will look into it and follow up. Also, thank you for the screenshot; you do not have DoS protection configured, so it is not the issue in your case.
I created another outbound rule with masquerading and set the position to top. This seems to have mostly fixed the issue. I'll keep testing over the weekend.
What's strange is that the old outbound rule was also at the top before, and comparing the rules they look exactly the same to me, so I'm not sure why this new rule seems to be helping.
Maybe work through this KBA: https://community.sophos.com/kb/en-us/127785
This worked until at least midnight. It is back to not working today. But now none of the port forwards are working, not just the one for incoming calls, and creating new rules is not helping. Nobody is in the office today and nothing changed from last night. I tried to reboot and that didn't help.
Others that use XG and 3CX have shown me their rules and the ones I have are the same. I'm starting to think there is an issue with the XG itself.
Thanks. I have followed that and it is at 150.