How to turn the Session Initiation Protocol (SIP) module on or off
The SIP module is turned on by default and provides the following functions for SIP traffic:
- Uses UDP port 5060.
- Translates local IP addresses to public IP addresses, updating the SIP header.
- Enables a dynamic voice channel by setting up an expected voice connection in the firewall.
Turning the SIP module on or off from the command line interface (CLI)
- Sign in to the command line using SSH. You can also access it from admin > Console in the upper-right corner of the web admin console.
- Choose option 4. Device Console.
-
Use the following commands.
- Turn on SIP module:
system system_modules sip load
- Turn off SIP module:
system system_modules sip unload
Note
The commands are persistent even if the firewall restarts.
- Turn on SIP module:
-
See the SIP module status:
system system_modules show
Use a custom port
If you're using a custom port for SIP communication and you want to load the same port under the Sophos helper module, run the below command:
system system_modules sip load ports <custom_port>
Note
The firewall supports SIP media ports in the range 1024-65535 with its SIP helper module.
If you load the firewall's SIP helper and set a media port outside this range, the firewall drops the packets, and VoIP calls may not connect. Event logs show the cause as Invalid Traffic
.
TCP support
The Sophos Firewall SIP helper doesn't support SIP and SDP messages spanning more than one packet. This can happen when you are using SIP over TCP.
The workaround is to use a SIP UDP control connection because, in UDP, a single SIP message is a single packet.
More resources