Known Issues

  1. This appliance is a Linux-based firewall. Without a correct configuration, it will cause intermittent SIP registration and call quality issues for VoIP-based services.
  2. This appliance has SIP modules, which are not activated by default. They are, however, designed for networks that host an internal SIP-based PBX system.
  3. The SIP modules on this appliance are not necessary for remotely hosted VoIP phone systems.

Resolution

  1. Log in to the firewall
  2. Click on Network Protection > Firewall
  3. Add the following two rules. Please note that these are not designed to adversely impact any rules that have already been created for your organization.
    • Click on the button “New Rule”.
    • From the Group selection list, select “<<New group>>”
      1. Name this group: VoiceServicesIn
    • Position: This will be determined based upon any rules already in place. At this time, there are not any known issues with the particular numbering order of these rules.
    • Sources:
      • You will need to create address objects that pertain to the Intermedia VoIP product being used. Please contact Intermedia to obtain the IPs that need to be whitelisted.
    • Services:
      • You will need to create service objects for IP ports that pertain to the Intermedia VoIP product being used. Please contact Intermedia to obtain the necessary Port ranges that need to be added as Service Objects to your firewall.
    • Destination
      • Click on the folder icon at the top of the destination box to load the pre-defined variables.
        • From the list of pre-defined variables, drag the following option to the destination box:
          • LAN1 (Network)
      • Click “Save” after completing this rule.
    • Note: After creating the above rule, the above variables will be saved into the “Pre-configured” list and the outbound rule will be a drag-and-drop process, so the particular ranges and variables will not be specified. If you are unsure, reference the rule parameters above.
    • Note: Within the Sophos UI search function, search for NTP, and it will pop in as a preset service. From here you can drag and drop the service object into the active services window. Be sure to then attach this service object to the service group as well. This will cause the date and time to synchronize properly on the phones.
    • Create the second rule by clicking on the “New Rule” button:
      • From the Group selection list, select “<<New group>>”
        • Name this group: VoiceServicesOut
        • Position: again, this will be based on any rules already configured.
      • Sources: Click on the folder and load the pre-configured variables.
        • Drag the option: LAN1 (Network)
      • Services: Click on the folder and load the pre-configured variables.
        • Drag the options for the address objects for IPs created earlier.
      • Destination: Click on the folder and load the pre-configured variables.
        • Drag the options for the service objects for ports created earlier.
      • Click “Save” after completing this rule.
  4. Still within the Network Protection top menu, move from Firewall to NAT
    • This part may or may not be required. If your Sophos appliance was already passing traffic to/from the internet, then this step can be disregarded.
      • Click on the “New Masquerading Rule” button
        • Network:
          • Click on the folder button to load the pre-configured options.
          • Drag the “Any” option over.
        • Position: 1
        • Interface: WAN
        • Save.
  5. This appliance is QoS capable, and this will have to be evaluated based upon your available ISP bandwidth.
    • Primary recommendation is to set this based upon the WAN interface.
      1. Interface and Routing > Quality of Service (QoS)
        1. Click “Edit” for the WAN interface
        2. Set the Downlink and Uplink utilizing the following speedtest:
          1. http://telecomsvc.com/broadbandtester/
        3. Check the box for: Upload optimizer.
        4. Click Save.
  6. The final step is to set the DNS Forwarders
    • Network Services > DNS
      1. Select the “Forwarders” tab
        1. In the dialog box, click on the green “+” button
        2. Add two forwarders
          1. Name: Google1
            1. IPv4 Address: 8.8.8.8
            2. Save
          2. Name: Google2
            1. IPv4 Address: 8.8.4.4
            2. Save
      2. Uncheck the box: Use forwarders assigned by ISP