3cx Sophos

Posted on  by admin

XG Firewall supports VoIP using both Session Initiation Protocol (SIP) and H.323 standards.

Your VoIP provider will supply the configuration details for your VoIP system. You will then need to configure a firewall rule to allow either the SIP or H.323 service.

The best channel partners, resellers, affiliates and consultants that offer Email solutions in Netherlands. Getting Sophos to pass the 3CX firewall test was a challenge, here's a step by step to get it working. 6 Steps total Step 1: Disable SIP Alg in the XG. The first thing 3CX Support is going to ask about. I will not rewrite the essay on this, instructions are in this Sophos KB.

The H.323 and SIP standards provide a foundation for audio, video, and data communications across IP-based networks. This enables users to participate in video and audio conferences, even though they are using different applications. H.323 and SIP use different flows for signaling and data transfer. Signaling flow is used to negotiate the configuration parameters, the IP address and the port that are used to establish the data flow. These protocols are harder to filter by firewalls since they violate layering by introducing layer 3 and 4 parameters in layer 7 of the OSI model. To overcome this situation in iptables, Netfilter provides connection tracking helpers which are modules that are able to assist the firewall in tracking these protocols.


The following is a complete list of ports that 3CX Phone System uses in a default installation scenario: PROTOCOL. PORT (DEFAULT) DESCRIPTION. PORT FORWARDING REQUIRED. HTTPs port of Web Server. This port can be configured. Applies to the following Sophos products and versions Sophos UTM What to do If your phones/endpoints aren't registering: Contact your VoIP provider to determine if your implementation uses one of the NAT-helper protocols discussed above.

The most common issues encountered with VoIP are poor call quality, one way audio, or calls dropping. To resolve some of the common issues with VoIP, see the related links.

How to resolve common VoIP issues.


3cx Sophos App

The most common issues encountered with VoIP are poor call quality, one way audio, or calls dropping.

You only need to carry out the steps that are relevant to your own VoIP setup.

UDP time-out value causes VoIP calls to drop or have poor quality

3cx Sophos Update

What to do if VoIP calls drop or have poor quality.


VoIP calls drop or have poor quality.


3cx Hinter Sophos Utm

If there are no errors in the SIP configuration, VoIP issues are usually due to the UDP time-out value.

XG Firewall has a default UDP time-out of 60 seconds which is usually low for reliable VoIP communication. Usually the VoIP provider recommends a UDP time-out value, typically 150 seconds.

To change the current UDP time-out value from the command line interface (CLI), choose option 4. Device Console and do as follows:


  1. Type: show advanced-firewall

    The current UDP time-out value is shown next to UDP Timeout Stream.

  2. Type: set advanced-firewall udp-timeout-stream 150

    The above command will increase the UDP time-out to 150 seconds. If your provider recommends a different value, use that.