I have the same issue. I suspect it is cert related, but I can not verify.

My hunch is that it is related to DNS and Certs, although when I generated the cert I did add an entry for the public IP for external DNS resolution... so I could be wrong.

Anyone know what port presence is using? It's no longer using 5222 or 5223.

You need to use https over port 443 or 411(preferred) and a valid FQDN and a valid configurated certificate.

Enable System > LANx > "Use Preferred Phone Ports" to enable the use of port 411
Enable the Gatekeeper, SIP registrar and "Layer 4 Protocol" TLS>
Fill in the WAN ipaddress in system > LANx > "Network Topology" > "Public IP Addrss"
Fill in System > DNS data
Enable System > VoIP > VoIP > "Direct Media Within NAT location" if Voip audio fails
Set System > VoIP > VoIP Security to "Preferred". This is optional, it has impact to all IP Phones!
Assign the appropriate users a "Power User" License and enable "One-X Portal Services", "Enable Desktop/Tablet Voip Client" and "Enable Mobile VoIP Client" only
Get a DNS A-record like voip.customerdomain.com assigned to the customers WAN IP Address
On the local DNS server voip.customerdomain.com must point to the local IP Office IP Address.
On the firewall forward TCP port 411 and 5061 to IP Office and forward UDP 46750 upto 50750 towards the IP Office.
The below part about the 46xxsettings file is only to to bypass a bug in the Equinox Client 3.5.5 using a 3rd party Certificate.
Configure a self signed certificate in IP Office using the security manager and use these parameters:
The Subject Alternative Name(s) field should include the following entries, each separated by a comma. Multiple entries are required if using both LAN1 and LAN2:
Install the certificate if the IP Office onto the device
Install Equinox as per manual and use "https://FQDN:411/46xxsettings.txt" as the website to connect to FQN=voip.customerdomain.com

Quote (intrigrant)

The below part about the 46xxsettings file is only to to bypass a bug in the Equinox Client 3.5.5 using a 3rd party Certificate.

I see Equinox Client 3.5.6 is out, is that bug fixed and these steps are no long necessary?

It seems so...

I am having this same issue with a new client

We have version 3.5.6, a 3rd party UCC certificate (GoDaddy)and ports 411 and 5061 forwarded to the IPO.
They are not using Zand, but neither am I amd mine works on our in house kit no problem with the same arranment.
Do I need any other ports open?

device was configured with https://sip.domain.com:411/46xxsettings.txt using autogenerated.

Works no problem on the corp. WiFi

Thanks!

dave

Although he reports no red triangle when out of the office...

So, I find that presence and contacts do not work outside the LAN on Android and iPhone clients but seems to work fine on the Windows client...

Firewall... Wrong certificate..

My initial thought was firewall, however the windows client outside the office works fine - are there differences in port use?
Also I guess the cert is OK too if it's accepted by the Windows client?

Si it seems the only phone put of 3 not working for presence and contact is mine.
an iPhone and another Android phone work fine.
Windows clients work fine.

My phone works perfectly with our in-house kit.

I thought mine may be remembering old data so deleted any certificates I found on my phone and even uninstalled and re-installed the app.

Still nothing.

So, must be my phnoe but cannot figure out what!