set vpn conn-remove-tunnel-up disable
set ips sip_preproc disable
Sophos XG v18: Troubleshooting guide with SIP protocol on Sophos XG firmware version 18
Overview
Tutorials on troubleshooting SIP protocol issues on Sophos XG devices. SIP ALG is enabled by default on Sophos. It is the cause that affects the registration of IP phone devices to the PBX and affects calls of the PBX system. Besides, the article also guides you to handle problems related to UDP Timeout Stream parameters and VoIP call drops or poor quality when there are VPN Site to Site or IPS configurations
How to configure
- Login to Sophos XG by Admin account
- Login to Console interface of XG devices -> Choose admin -> Choose Console
- Choose number 4 (Device console)
- Console of the Sophos XG device
- Disable SIP on Sophos device
console> system system_modules sip unload
- Check the status of SIP on Sophos XG
console> system system_modules show
- Once SIP is turned off on Sophos but there are still some VoIP problems that will often occur due to the UDP Timeout error value. Sophos XG Firewall has a UDP Timeout of 60s, VoIP product providers will recommend the UDP Timeout for the best experience and that value is 150s, which is prefect for most products. VoIP -> We will change the UDP Timeout Stream parameter on the Sophos XG device
- On the console -> Type the command show advanced-firewall
- We will change the UDP Timeout to 150s
set advanced-firewall udp-timeout-stream 150
** After changing UDP Timeout parameters, the VoIP experience is stable, but with VoIP call drop or poor quality when there are VPN Site to Site or IPS configurations on Sophos XG, we will handle that problem as follows
- Disable IPS sip_preproc on Sophos XG
set ips sip_preproc disable
- Disable VPN conn-remove-tunnel-up on Sophos XG
set vpn conn-remove-tunnel-up disable
