Avaya IP Office - SIP Phone with Sophos Firewall

[EngMajdi82]

Hello ...

I have a customer have IPO 8.1 and 3rd party IP Endpoint license, we configure it and working through WiFi, now we need to configure Sophos firewall, the customer configure the NAT and open the SIP and RTP port, but the SIP is unable to register to IPO , the phone replay 408 code?
is there any additional instruction on the sophos that can help us to be the sip phone to working ?

Thanks.

 

[janni78]

First of all, if you have opened port 5060 from any destination to your IP Office it won't take long until you 'll be spammed with registration attempts and eventually get a fat phone bill.

Do you even see the phone trying to register in a Monitor trace?

"Trying is the first step to failure..." - Homer

 

[Okkie26]

Did you setup an IP route to the external phones IP Address?

 

[EngMajdi82]

Hello All,

The Phone never trying to register in a Monitor.
The IP Route Setup :
IP Address: 0.0.0.0
SubnetMask: 255.255.255.0
Gateway: 192.168.0.254 (the customer network gateway)

Thanks

 

[derfloh]

Subnet Mask must be 0.0.0.0.

But as mentioned we would highly NOT recommend to open port 5060.

 

[EngMajdi82]

Hello ...

why you recommend not to open the port 5060?
How could the SIP client register if the SIP Port not opened ?

Thanks

 

[amriddle01]

You use a VPN client, that's way it's secure, the way you've done it hackers will be on it day and night

 

[derfloh]

You can be a little more secure by only allow SIP TLS by opening only port 5061 but one weak combination of username and password and you have the same problem.

Best way is to use either VPN or place a SBC in between the public network and the call server.

You should also be aware that IPO is pre-configured to use a wide range of UDP ports for RTP that includes the ports used to connect manager, monitor, SSA... So give it a try and configure the IPO over the firewalls public IP! If it not already done by another one...