ComputersVOIP

Sophos UTM configuration for Obi

Sophos UTM configuration for Obi

For those of you running the Sophos UTM appliance and who are interested in running an Obi device behind your Sophos UTM appliance, we have put together a selection of firewall rules and other configuration changes for Sophos UTM configuration for Obi. ย First things first, we need to look at all the required ports that need to be opened for Obi. ย The forums on Obi recommend that you open the following ports to allow successful communication:

Allow Outgoing:
TCP Ports: 6800, 5222, 5223
UDP Ports: 5060, 5061, 10000 to 11000, 16600 to 16998, 19305
Allow Incoming on UDP Port: 10000

However, I have observed a couple of other UDP ranges that get smashed by Sophos UTM in testing:

Outgoing:

  • Extended the range they mention above to include UDP ports 10000-12000
  • Added a new range to include 12200-13000ย (You could actually just extend the range above from 10000-13000 to include this range, however, I literally included the ranges I saw in the firewall logs, so that is why I split both of them off.

obisophos_01

 

Incoming:

So far on the incoming side, I have observed the same port connection they document, UDP port 10000

Obi Configuration Itself:

I had a pesky issue where my Obi in testing would work for a day or so and then I would pick up the phone and it would tell me that it wasn’t connected to Google Voice. ย I tested many different options with passwords, 2 Factor authentication and other issues.

The error message: “Backing off authentication error”

The resolution to the issue turns out to be DNS related as the Obi appears to not like the DHCP assigned DNS address of the Sophos box to make its way to Obitalk and other connections. ย Take a look at the official forum post from Obi here which describes this behavior with OpenDNS. ย To manually set your Obi device to a public DNS server, login directly to your Obi device (not Obitalk portal) and manually set the WAN setting DNS server to the public serverย 4.2.2.2ย as shown below. ย Note the forum post referenced on this issue has an outdated directive to updateย network settings, however, they have updated the portal or this was incorrect to begin with as on my Obi 200 this is found under WAN settings.

obisophos_02

 

I was a bit skeptical at this workaround when I saw this on one of the forums, however, when the setting was implemented, the system has now been connected for several days and shows no signs of disconnecting as was the case before. ย If you guys find any other settings that would be helpful to mention other than the ones I have listed here, please comment in the comments section below and I will get the post updated to reflect those entries.

 

 

 

Subscribe to VirtualizationHowto via Email ๐Ÿ””

Enter your email address to subscribe to this blog and receive notifications of new posts by email.



Brandon Lee

Brandon Lee is the Senior Writer, Engineer and owner at Virtualizationhowto.com, and a 7-time VMware vExpert, with over two decades of experience in Information Technology. Having worked for numerous Fortune 500 companies as well as in various industries, He has extensive experience in various IT segments and is a strong advocate for open source technologies. Brandon holds many industry certifications, loves the outdoors and spending time with family. Also, he goes through the effort of testing and troubleshooting issues, so you don't have to.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.