Sophos Firewall und SIP
IP Problemen with Sophos Firewalls:
Link to Sophos: https://community.sophos.com/kb/en-us/127785
Sophos XG Firewall: VoIP calls may drop or encounter poor quality
Sophos Firewall What to do when there is no SIP misconfiguration, VoIP issues usually occur due to UDP time-out value. Sophos XG Firewall has a default UDP time-out of 60 seconds which is usually low for reliable VoIP communication. Usually the VoIP provider declare recommended UDP time-out for best experience. Common value is 150 seconds which is perfect for most VoIP scenarios. To verify the current UDP time-out value, from the command line interface (CLI), choose option 4. Device Console and run the following command: show advanced-firewall To modify the UDP time-out value to 150 seconds, run the following command: set advanced-firewall udp-timeout-stream 150 Note: When there is a Site-to-Site VPN and/or IPS configured in the XG, then the following two commands help resolving the VoIP calls drop or poor quality issue: set ips sip_preproc disable
• This will disable the preloaded IPS patterns for SIP
set vpn conn-remove-tunnel-up disable
• When disabled, it will not flush the connections when IPSec tunnels come up