Skip to main content
Configuring Sophos XG firewall for 8x8
8x8 Support

Configuring Sophos XG firewall for 8x8


Configuring Sophos XG to work with 8x8

Applies To

Sophos XG 85 also applies to other models.


Before you begin login to the Firewall:

Login to the firewall using any SSH client, we are going to use Putty in this example:


Once you are in Device console mode, type "show advanced-firewall" to view current firewall status:


Here are the items that we need to configure:

Load SIP Module

Sophos Firewalls are one of the few devices that require SIP ALG to be enabled as of writing this article. This may change with new firmware versions.

Tested Version: SFOS 17.1.2 MR-2

Type " system system_modules show" to view the current status of the SIP module.


If you see "sip" "unloaded" type in the following command to load SIP:

system system_modules sip load

Run "system system_modules show" to make sure sip module is loaded.

Set UDP timeout

Run command "show advanced-firewall"


Run command "set advanced-firewall udp-timeout-stream 660" to set UDP timeout.

Turn off Strict Policy

Run command "set advanced-firewall strict-policy off" to turn off strict policy


Add 8x8 subnets to QoS and Firewall

Navigate to Firewall, Enter rule name and set rule position to "Top"


Make sure to Set source zone to "LAN" and Set desitnation Zones to "WAN"

Here is 8x8 technical document link to get 8x8 subnet information.

Additional Information

Known issues with incorrectly configured Sophos:

  • Call Misrouting
  • Call drops
  • Call transfers failing
  • Device connectivity and registration issues 

Sophos devices require the SIP Module to be enabled for SIP traffic to pass correctly on the LAN. While testing the XG85 it was discovered that with SIP Modules disabled the phones would experience issues with: