Advisory: Support Portal Maintenance. Login is currently unavailable, more info available here.
We want to use a Doorbird (https://www.doorbird.com/de/) doorbell video station, connected to the SOPHOS XG via PoE.We have created a firewall rule for the Doorbird's IP (Allow all Traffic, LAN to WAN).Nevertheless, we do not receive any push notifications from the doorbell.We only get a sound when the app is open on the iPhone, but also no push message.The bell system is also not marked as online on the manufacturer's side (https://www.doorbird.com/checkonline).As a test, we connected the system directly to the router via a PoE adapter. Everything then works and the manufacturer also lists the system as online.So something is still being blocked by the XG.Does anyone have any ideas? We found a forum post here that deals with the same problem, but with a UTM (https://community.sophos.com/utm-firewall/f/german-forum/113368/doorbird/406180).
Thank you for reaching out to the Community!
Did you configure web filtering on your firewall? If yes, it could be the web filtering causing this issue.
Try to create a new firewall for the Doorbird's IP address in the source network, and then don’t apply any advanced filtering on the firewall rule.
Community Support Engineer | Sophos Technical SupportSupport Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts If a post solves your question use the 'Verify Answer' button.
Hi H_Patel thanks for your answer. No, there is no configured web filtering for the LAN to WAN rule
Thank you for the update.
Did you configure DoS protection for UDP?
I would suggest you run a packet capture on the source IP address and check if the source's traffic is allowed or dropped by the firewall.
Check out the following KBA for more info: Monitor traffic using Packet Capture Utility in the Sophos XG Firewall GUI.
No, DoS protection for UDP is not configured. We ran a packet capture on the source IP.
But it looks like that the manufacturer's server can be accessed via TCP.
Take a look at this Community Post, you might need to create a custom SSL/TLS rule.