The purpose of this article is to provide a sample configuration. At the time of article creation, this device was in a known working state on the firmware used.
Keep in mind different firmware versions will interact with hosted VoIP services in different ways. While this device may be fully functional on the tested and/or current firmware version, it is possible newer revisions will cause disruptions in service or make a device fully compliant with the required settings for hosted VoIP services where it was previously not.
Configuring Sophos XG to work with 8x8
Sophos XG 85 also applies to other models.
Before you begin login to the Firewall:
Login to the firewall using any SSH client, we are going to use Putty in this example:
Once you are in Device console mode, type "show advanced-firewall" to view current firewall status:
Here are the items that we need to configure:
Load SIP Module
Sophos Firewalls are one of the few devices that require SIP ALG to be enabled as of writing this article. This may change with new firmware versions.
Tested Version: SFOS 17.1.2 MR-2
Type " system system_modules show" to view the current status of the SIP module.
If you see "sip" "unloaded" type in the following command to load SIP:
system system_modules sip load
Run "system system_modules show" to make sure sip module is loaded.
Set UDP timeout
Run command "show advanced-firewall"
Run command "set advanced-firewall udp-timeout-stream 660" to set UDP timeout.
Turn off Strict Policy
Run command "set advanced-firewall strict-policy off" to turn off strict policy
Add 8x8 subnets to QoS and Firewall
Navigate to Firewall, Enter rule name and set rule position to "Top"
Make sure to Set source zone to "LAN" and Set destination Zones to "WAN"
Known issues with incorrectly configured Sophos:
- Call Misrouting
- Call drops
- Call transfers failing
- Device connectivity and registration issues
Sophos devices require the SIP Module to be enabled for SIP traffic to pass correctly on the network. While testing the XG85 it was discovered that with SIP Module disabled the phones would experience issues with:
- Line Unregistered errors
- URL calling disabled
- SIP traffic being blocked, causing dropped calls or one way audio
- Based on Sophos KB, it appears SIP module enables traffic for VOIP