Firewall Settings for Sophos UTM 9

If you're using a Sophos UTM 9 Firewall, these are the settings you'll need to consider when you're setting up your firewall for Cradle.

Overview

  1. If you're using a Sophos UTM 9 firewall, there are certain issues that can be overcome by setting custom settings for Cradle
  2. This firewall has SIP ALG enabled as a default. Disable SIP ALG following the steps at the bottom of this help article. 

Firewall Rules

    • Once logged in, add two new rules to allow traffic to and from the Cradle media servers (listed here), on the ports and services listed on the same page. 

Quality of Service

    • You can set your UTM up to prioritise outbound VoIP traffic. We recommend reading this help article to understand how to set up QoS and prioritise traffic to and from the IP addresses you have already whitelisted for the firewall for Cradle media traffic. 
    • Cradle voice packets will be tagged with DSCP header 46. You can also shape/prioritise traffic based on this header. 

    How to disable SIP ALG

    SIP ALG should be disabled as follows:

    1. Log in to the Command Line Console (CLI) using Telnet or SSH, or from  admin > Console in the web interface
    2. Choose Device Console.
    3. Execute the following command: 
    console> system system_modules sip unload

    Sophos Home Software

    If you're running the Sophos Home Premium software on your machine instead of the on premise solution, you may just need to follow the instructions here on each computer to allow Cradle.