Resolve common VoIP issues

How to resolve common VoIP issues.

The most common issues encountered with VoIP are poor call quality, one way audio, or calls dropping.

You only need to carry out the steps that are relevant to your own VoIP setup.

UDP time-out value causes VoIP calls to drop or have poor quality

What to do if VoIP calls drop or have poor quality.

Condition

VoIP calls drop or have poor quality.

Cause

If there are no errors in the SIP configuration, VoIP issues are usually due to the UDP time-out value.

XG Firewall has a default UDP time-out of 60 seconds which is usually low for reliable VoIP communication. Usually the VoIP provider recommends a UDP time-out value, typically 150 seconds.

To change the current UDP time-out value from the command line interface (CLI), choose option 4. Device Console and do as follows:

Remedy

  1. Type: show advanced-firewall

    The current UDP time-out value is shown next to UDP Timeout Stream.

  2. Type: set advanced-firewall udp-timeout-stream 150

    The above command will increase the UDP time-out to 150 seconds. If your provider recommends a different value, use that.

VoIP call issues over site-to-site VPN or with IPS configured

Resolve issues with VoIP call quality when there is a site-to-site VPN or IPS configured on XG Firewall.

Cause

When there is a site-to-site VPN or IPS, or both configured in the XG Firewall, do as follows to resolve issues with VoIP calls dropping or poor quality calls:

Remedy

  1. Type: set ips sip_preproc disable

    This will disable the preloaded IPS patterns for SIP.

  2. Type: set vpn conn-remove-tunnel-up disable

    When disabled, XG Firewall will not flush the connections when IPsec tunnels come up.

How to turn on or turn off the SIP module

Load or unload the SIP module as required.

Condition

The SIP module is enabled by default and provides the following functions for SIP traffic:

  • Uses UDP port 5060.
  • Handles NAT of local IP addresses to public IP addresses.
  • Enables a dynamic voice channel by setting up an expected voice connection in the firewall.

Cause

To turn the SIP module on or off from the command line interface (CLI), choose option 4. Device Console and do as follows:

Remedy

  1. To turn the SIP module on, type: system system_modules sip load
  2. To turn the SIP module off, type: system system_modules sip unload

Audio and video calls are dropping or only work one way when H.323 helper module is loaded

Resolve audio and video issues when the H.323 module is loaded.

Cause

If the H.323 helper module is loaded along with proper firewall rules or DNAT rules, and audio or video continues to drop or only works one way, application-level NAT might not be occurring.

Remedy

  1. From the command line console type: system system_modules h323 unload
  2. Configure a transparent subnet gateway by following knowledge base article 123525.
  3. Start a video call from a Polycom device which is behind XG Firewall and check if it is functioning correctly.

The phone rings but there is no audio when you're using a VPN or Sophos Connect.

Condition

You are able to place a call and the receiving phone rings but, no audio is heard.

Cause

This happens when the caller is unable to send data at the RTP stage of a SIP connection. This is shown in the image below where Alice is the caller and Boris is the recipient.

Remedy

  1. Go to Rules and policies > Firewall rules.
  2. Make sure you have configured a firewall rule for SIP.
  3. Make sure you select the recipient's network in Destination networks. Normally you will want to have this set to Any so that you can call any phone.

DoS & spoof protection and VoIP

Condition

Unstable VoIP connection when when DoS settings for UDP rate are applied.

Cause

UDP flood settings cause VoIP traffic to drop.

Remedy

  1. Go to Intrusion prevention > DoS & spoof protection.
  2. clear the Apply flag check boxes for UDP flood.
  3. Test the VoIP connection.
  4. If this resolves the VoIP issue lower the UDP flood protection values before applying the flag again.

    There is no set value that because each environment is different. Adjust the values until you find those that works with your VOIP setup.