Skip to main content
8x8 Support

Configuring Sophos XG firewall for 8x8

Important-Icon.png The purpose of this article is to provide a sample configuration. At the time of article creation, this device was in a known working state on the firmware used. 

Keep in mind different firmware versions will interact with hosted VoIP services in different ways. While this device may be fully functional on the tested and/or current firmware version, it is possible newer revisions will cause disruptions in service or make a device fully compliant with the required settings for hosted VoIP services where it was previously not.


Configuring Sophos XG to work with 8x8

Applies To

Sophos XG 85 also applies to other models.


Before you begin login to the Firewall:

Login to the firewall using any SSH client, we are going to use Putty in this example:


Once you are in Device console mode, type "show advanced-firewall" to view current firewall status:


Here are the items that we need to configure:

Load SIP Module


Sophos Firewalls are one of the few devices that require SIP ALG to be enabled as of writing this article. This may change with new firmware versions.

Tested Version: SFOS 17.1.2 MR-2

Type " system system_modules show" to view the current status of the SIP module.


If you see "sip" "unloaded" type in the following command to load SIP:

system system_modules sip load

Run "system system_modules show" to make sure sip module is loaded.

Set UDP timeout

Run command "show advanced-firewall"


Run command "set advanced-firewall udp-timeout-stream 660" to set UDP timeout.

Turn off Strict Policy

Run command "set advanced-firewall strict-policy off" to turn off strict policy


Add 8x8 subnets to QoS and Firewall

Navigate to Firewall, Enter rule name and set rule position to "Top"


Make sure to Set source zone to "LAN" and Set destination Zones to "WAN"

Here is 8x8 technical document link to get 8x8 subnet information.

Additional Information

Known issues with incorrectly configured Sophos:

  • Call Misrouting
  • Call drops
  • Call transfers failing
  • Device connectivity and registration issues 

Sophos devices require the SIP Module to be enabled for SIP traffic to pass correctly on the network. While testing the XG85 it was discovered that with SIP Module disabled the phones would experience issues with: 

  • Was this article helpful?