Known Issues

  1. This appliance is a Linux-based firewall. Without a correct configuration, it will cause intermittent SIP registration and call quality issues for VoIP-based services.
  2. This appliance does have SIP modules that are not activated by default. They are, however, designed for networks that host an internal SIP-based PBX system.
  3. The SIP modules on this appliance are not necessary for remotely hosted VoIP phone systems.

Resolution

  1. Login to the firewall
  2. Click on Network Protection > Firewall
  3. Add the following two rules. Please note that these are not designed to adversely impact any rules that have already been created for your organization.
    • Click on the button “New Rule”.
    • From the Group selection list, select “<<New group>>”
      1. Name this group: VoiceServicesIn
    • Position: This will be determined based upon any rules already in place. At this time, there are not any known issues with the particular numbering order of these rules.

    • HPBX 2.0
    • Sources:
      • Name: Cloud Voice RTP Server Block 1
        • Type: Network
        • IPv4 Address:
          • Account before 5/6/15: 64.28.114.0
          • Account after 5/6/15: 64.28.124.0
        • Netmask: /24 (255.255.255.0)
      • Name: Cloud Voice RTP Server Block 2
        • Type: Network
        • IPv4 Address:
          • Account before 5/6/15: 64.28.116.0
          • Account after 5/6/15: 64.28.123.0
        • Netmask: /24 (255.255.255.0)
      • Name: Cloud Voice SIP Register Server
        • Type: Host
        • IPv4 Address: 64.28.115.146
      • Name: Cloud Voice Phone Config Server 1
        • Type: Host
        • IPv4 Address: 64.28.115.146
      • Name: Cloud Voice Phone Config Server 2
        • Type: Host
        • IPv4 Address: 64.28.112.148
      • Name: Cloud Voice DNS/Time Server 1
        • Type: Host
        • IPv4 Address: 64.28.112.157
      • Name: Cloud Voice DNS/Time Server 2
        • Type: Host
        • IPv4 Address: 64.28.115.137
      • Name: Cloud Voice DNS/Time Server 3
        • Type: Host
        • IPv4 Address: 64.28.126.9
      • Name: Cloud Voice Ping Test Server 1
        • Type: Host
        • IPv4 Address: 64.28.122.110
      • Name: Cloud Voice Ping Test Server 2
        • Type: Host
        • IPv4 Address: 64.28.121.110
      • Name: Cloud Voice VoIP Test Server 1
        • Type: Host
        • IPv4 Address: 64.28.122.103
      • Name: Cloud Voice VoIP Test Server 2
        • Type: Host
        • IPv4 Address: 64.28.122.102
      • Name: Cloud Voice VoIP Test Server 3
        • Type: Host
        • IPv4 Address: 64.28.121.101
    • HPBX 1.0
    • Sources:
      • Name: Cloud Voice RTP Server Block 1
        • Type: Network
        • IPv4 Address: 206.225.167.64
        • Netmask: /26 (255.255.255.192)
      • Name: Cloud Voice RTP Server Block 2
        • Type: Network
        • IPv4 Address: 199.193.202.64
        • Netmask: /27 (255.255.255.224)
      • Name: Cloud Voice SIP Register Server
        • Type: Network
        • IPv4 Address: 206.225.166.128
        • Netmask: /28 (255.255.255.240)
      • Name: Cloud Voice Ping Test Server 1
        • Type: Host
        • IPv4 Address: 64.28.122.110
      • Name: Cloud Voice Ping Test Server 2
        • Type: Host
        • IPv4 Address: 64.28.121.110
      • Name: Cloud Voice VoIP Test Server
        • Type: Host
        • IPv4 Address: 64.28.122.103
    • HPBX 2.0
    • Services:
      • Name: Cloud Voice SIP Main
        • Type of definition: UDP
        • Destination Port: 5678:6061
        • Source Port: 5678:6061
      • Name: Cloud Voice SIP Local
        • Type of definition: UDP
        • Destination Port: 6100:6899
        • Source Port: 6100:6899
      • Name: Cloud Voice RTP Block
        • Type of definition: UDP
        • Destination Port: 30000:60000
        • Source Port: 30000:60000
    • HPBX 1.0
    • Services
      • Name: Cloud Voice RTP Audio Range
        • Type of definition: UDP
        • Destination Port: 35000:60000
        • Source Port: 35000:60000
      • Name: Cloud Voice SIP UDP
        • Type of definition: UDP
        • Destination Port: 5060:5061
        • Source Port: 5060:5061
      • Name: Cloud Voice SIP TCP
        • Type of definition: TCP
        • Destination Port: 5060:5061
        • Source Port: 5060:5061
    • Destination
      • Click on the folder icon at the top of the destination box to load the pre-defined variables.
        • From the list of pre-defined variables, drag the following option to the destination box:
          • LAN1 (Network)
      • Click “Save” after completing this rule.
    • Note: After creating the above rule, the above variables will be saved into the “Pre-configured” list and the outbound rule will be a drag-and-drop process, so the particular ranges and variables will not be specified. If you are unsure, reference the rule parameters above.
    • Create the second rule by clicking on the “New Rule” button:
      • From the Group selection list, select “<<New group>>”
        • Name this group: VoiceServicesOut
        • Position: again, this will be based on any rules already configured.
      • Sources: Click on the folder and load the pre-configured variables.
        • Drag the option: LAN1 (Network)
      • Services: Click on the folder and load the pre-configured variables.
        • Drag the options for HPBX 2.0:
          • Cloud Voice SIP Main
          • Cloud Voice SIP Local
          • Cloud Voice RTP Block
        • Drag the options for HPBX 1.0:
          • Cloud Voice RTP Audio Range
          • Cloud Voice SIP UDP
          • Cloud Voice SIP TCP
      • Destination: Click on the folder and load the pre-configured variables.
        • Drag the options for HPBX 2.0:
          • Cloud Voice RTP Server Block 1
          • Cloud Voice RTP Server Block 2
          • Cloud Voice SIP Register Server
          • Cloud Voice Phone Config Server 1
          • Cloud Voice Phone Config Server 2
          • Cloud Voice DNS/Time Server 1
          • Cloud Voice DNS/Time Server 2
          • Cloud Voice DNS/Time Server 3
          • Cloud Voice Ping Test Server
          • Cloud Voice VoIP Test Server 1
          • Cloud Voice VoIP Test Server 2
          • Cloud Voice VoIP Test Server 3
        • Drag the options for HPBX 1.0:
          • Cloud Voice RTP Server Block 1
          • Cloud Voice RTP Server Block 2
          • Cloud Voice SIP Register Server
          • Cloud Voice Ping Test Server
          • Cloud Voice VoIP Test Server
      • Click “Save” after completing this rule.
  4. Still within the Network Protection top menu, we will now move from Firewall to NAT.
    • This part may or may not be required. If your Sophos appliance was already passing traffic to/from the internet, then this step can be disregarded.
      • Click on the “New Masquerading Rule”
        • Network:
          • Click on the folder button to load the pre-configured options.
          • Drag the “Any” option over.
        • Position: 1
        • Interface: WAN
        • Save.
  5. This appliance is QoS capable, and this will have to be evaluated based upon your available ISP bandwidth.
    • The primary recommendation is to set this based upon the WAN interface.
      1. Interface and Routing > Quality of Service (QoS)
        1. Click “Edit” for the WAN interface
        2. Set the Downlink and Uplink utilizing the following speedtest:
          1. http://telecomsvc.com/broadbandtester/
        3. Check the box for: Upload optimizer.
        4. Click Save.
  6. Final step is to set the DNS Forwarders
    • Network Services > DNS
      1. Select the “Forwarders” tab
        1. In the dialog box, click on the green “+” button
        2. Add two forwarders
          1. Name: Google1
            1. IPv4 Address: 8.8.8.8
            2. Save
          2. Name: Google2
            1. IPv4 Address: 8.8.4.4
            2. Save
      2. Uncheck the box: Use forwarders assigned by ISP
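
The following is an added example, not part of the original article or any Sophos tooling: it encodes the HPBX 2.0 source and service definitions from step 3 (accounts after 5/6/15) and checks whether a packet would match the VoiceServicesIn rule, which helps when reviewing the rule set or troubleshooting dropped registrations. It assumes a service definition matches only when the protocol, the source port and the destination port all fall inside that one definition; the function names and sample packets are constructed for illustration.

```python
import ipaddress

# Source definitions for HPBX 2.0 as listed in step 3 (accounts after 5/6/15).
SOURCES = {
    "Cloud Voice RTP Server Block 1": "64.28.124.0/24",
    "Cloud Voice RTP Server Block 2": "64.28.123.0/24",
    "Cloud Voice SIP Register Server": "64.28.115.146/32",
    "Cloud Voice Phone Config Server 1": "64.28.115.146/32",
    "Cloud Voice Phone Config Server 2": "64.28.112.148/32",
    "Cloud Voice DNS/Time Server 1": "64.28.112.157/32",
    "Cloud Voice DNS/Time Server 2": "64.28.115.137/32",
    "Cloud Voice DNS/Time Server 3": "64.28.126.9/32",
    "Cloud Voice Ping Test Server 1": "64.28.122.110/32",
    "Cloud Voice Ping Test Server 2": "64.28.121.110/32",
    "Cloud Voice VoIP Test Server 1": "64.28.122.103/32",
    "Cloud Voice VoIP Test Server 2": "64.28.122.102/32",
    "Cloud Voice VoIP Test Server 3": "64.28.121.101/32",
}
# Service definitions for HPBX 2.0: (protocol, low port, high port). The page
# gives the same range for the source port and the destination port.
SERVICES = {
    "Cloud Voice SIP Main": ("udp", 5678, 6061),
    "Cloud Voice SIP Local": ("udp", 6100, 6899),
    "Cloud Voice RTP Block": ("udp", 30000, 60000),
}

def check_definitions():
    """Return names whose address has host bits set for the stated netmask."""
    bad = []
    for name, cidr in SOURCES.items():
        try:
            ipaddress.ip_network(cidr, strict=True)
        except ValueError:
            bad.append(name)
    return bad

def match_inbound(src_ip, proto, sport, dport):
    """Return (source, service) if VoiceServicesIn would match, else None."""
    ip = ipaddress.ip_address(src_ip)
    src = next((n for n, c in SOURCES.items() if ip in ipaddress.ip_network(c)), None)
    # Assumption: both ports must fall inside the same service definition.
    svc = next((n for n, (p, lo, hi) in SERVICES.items()
                if p == proto and lo <= sport <= hi and lo <= dport <= hi), None)
    return (src, svc) if src and svc else None

if __name__ == "__main__":
    # Constructed packets, not captured traffic.
    print(match_inbound("64.28.124.17", "udp", 40000, 31000))   # RTP from block 1
    print(match_inbound("64.28.115.146", "udp", 5700, 6100))    # ports span two ranges
    print(match_inbound("203.0.113.9", "udp", 40000, 31000))    # source not listed
```

A `None` result for traffic from a listed source means the port pair does not sit inside any single service definition, which is the first thing to compare against the firewall log when registrations or audio drop intermittently.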