Sophos XG v18: Troubleshooting guide for the SIP protocol on Sophos XG firmware version 18


This tutorial covers troubleshooting SIP protocol issues on Sophos XG devices. SIP ALG is enabled by default on Sophos, and it is the cause of problems with registering IP phones to the PBX and with calls through the PBX system. The article also shows how to handle problems related to the UDP Timeout Stream parameter, and VoIP call drops or poor quality when Site-to-Site VPN or IPS is configured.

How to configure

  • Log in to Sophos XG with the Admin account
  • Open the console interface of the XG device -> Choose admin -> Choose Console
  • Choose number 4 (Device console)
  • The console of the Sophos XG device is displayed
  • Disable the SIP module on the Sophos device

console> system system_modules sip unload

  • Check the status of SIP on Sophos XG

console> system system_modules show

  • Even after SIP is turned off on Sophos, some VoIP problems often still occur because of the UDP timeout value. Sophos XG Firewall has a UDP timeout of 60s; VoIP product providers recommend a UDP timeout of 150s for the best experience, which is perfect for most products. We will change the UDP Timeout Stream parameter on the Sophos XG device
  • On the console -> Type the command show advanced-firewall
  • We will change the UDP Timeout to 150s

set advanced-firewall udp-timeout-stream 150


** After changing the UDP timeout parameter, the VoIP experience is stable. If VoIP calls still drop or have poor quality when Site-to-Site VPN or IPS is configured on Sophos XG, handle the problem as follows:

  • Disable IPS sip_preproc on Sophos XG

set ips sip_preproc disable

  • Disable VPN conn-remove-tunnel-up on Sophos XG

set vpn conn-remove-tunnel-up disable

