This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

3CX server behind XG incoming call issues

Hello,

I am having issues with incoming calls on 3CX behind a Sophos XG firewall. Sometimes incoming calls will connect after 10+ seconds and sometimes they won't at all. This previously ran behind a Pfsense firewall without issue, so I know it is related to the XG. When I run the firewall check on 3CX I get “full cone test failed” on the SIP port, tunnel port and media (9000+) ports. Outbound calls work fine. Tech support from Sophos tried several steps to diagnose and fix the issue without luck.

On the Sophos XG I have:

Disabled the SIP module
Modified the UDP timeout value to 150
Have forwarding rules for SIP, Tunnel, Management and Media ports.
Outbound rule for the 3CX server with Rewrite source address enabled. Use outbound address is SourceNAT which is the same IP address as the incoming rules.

Any ideas what could be causing the issue?

This thread was automatically locked due to age.

Parents

0 toxrae over 4 years ago

I created another outbound rule with masquerading and set the position to top. This seems to have mostly fixed the issue. I'll keep testing over the weekend.

Whats strange is that the old outbound rule was also at the top before, and comparing the rules they look exactly the same to me, so I'm not sure why this new rule seems to be helping.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 toxrae over 4 years ago

I created another outbound rule with masquerading and set the position to top. This seems to have mostly fixed the issue. I'll keep testing over the weekend.

Whats strange is that the old outbound rule was also at the top before, and comparing the rules they look exactly the same to me, so I'm not sure why this new rule seems to be helping.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 LuCar Toni over 4 years ago in reply to toxrae

Maybe work this KBA: https://community.sophos.com/kb/en-us/127785

__________________________________________________________________________________________________________________
Cancel
Vote Up 0 Vote Down

Cancel
0 toxrae over 4 years ago in reply to toxrae

This worked until at least midnight. It is back to not working today. But now none of the port forwards are working, not just the one for incoming calls, and creating new rules is not helping. Nobody is in the office today and nothing changed from last night. I tried to reboot and that didn't help.

Others that use XG and 3CX have shown me their rules and the ones I have are the same. I'm starting to think there is an issue with the XG itself.
Cancel
Vote Up 0 Vote Down

Cancel
0 toxrae over 4 years ago in reply to LuCar Toni

Thanks. I have followed that and it is at 150.
Cancel
Vote Up 0 Vote Down

Cancel