I am having issues with incoming calls on 3CX behind a Sophos XG firewall. Sometimes incoming calls will connect after 10+ seconds and sometimes they won't at all. This previously ran behind a pfSense firewall without issue, so I know it is related to the XG. When I run the firewall check on 3CX I get “full cone test failed” on the SIP port, tunnel port and media (9000+) ports. Outbound calls work fine. Tech support from Sophos tried several steps to diagnose and fix the issue without luck.
On the Sophos XG I have:
Any ideas what could be causing the issue?
I created another outbound rule with masquerading and set the position to top. This seems to have mostly fixed the issue. I'll keep testing over the weekend.
What's strange is that the old outbound rule was also at the top before, and comparing the rules they look exactly the same to me, so I'm not sure why this new rule seems to be helping.
Maybe work through this KBA: https://community.sophos.com/kb/en-us/127785
This worked until at least midnight. It is back to not working today. But now none of the port forwards are working, not just the one for incoming calls, and creating new rules is not helping. Nobody is in the office today and nothing changed from last night. I tried to reboot and that didn't help.
Others that use XG and 3CX have shown me their rules and the ones I have are the same. I'm starting to think there is an issue with the XG itself.
Thanks. I have followed that and it is at 150.