Configuring Sophos XG to work with 8x8
Sophos XG 85 also applies to other models.
Before you begin login to the Firewall:
Login to the firewall using any SSH client, we are going to use Putty in this example:
Once you are in Device console mode, type "show advanced-firewall" to view current firewall status:
Here are the items that we need to configure:
Load SIP Module
Sophos Firewalls are one of the few devices that require SIP ALG to be enabled as of writing this article. This may change with new firmware versions.
Tested Version: SFOS 17.1.2 MR-2
Type " system system_modules show" to view the current status of the SIP module.
If you see "sip" "unloaded" type in the following command to load SIP:
system system_modules sip load
Run "system system_modules show" to make sure sip module is loaded.
Set UDP timeout
Run command "show advanced-firewall"
Run command "set advanced-firewall udp-timeout-stream 660" to set UDP timeout.
Turn off Strict Policy
Run command "set advanced-firewall strict-policy off" to turn off strict policy
Add 8x8 subnets to QoS and Firewall
Navigate to Firewall, Enter rule name and set rule position to "Top"
Make sure to Set source zone to "LAN" and Set desitnation Zones to "WAN"
Known issues with incorrectly configured Sophos:
- Call Misrouting
- Call drops
- Call transfers failing
- Device connectivity and registration issues
Sophos devices require the SIP Module to be enabled for SIP traffic to pass correctly on the LAN. While testing the XG85 it was discovered that with SIP Modules disabled the phones would experience issues with:
- Line Unregistered errors
- URL calling disabled
- SIP traffic being blocked, causing dropped calls or one way audio
- Based on Sophos KB, it appears SIP module enables traffic for VOIP