Sophos Firewall Configuration

Hello, everybody,

I want to run Jitsi meet behind a Sophos UTM 9.
I have already published the Jitsi instance via Web Server Protection.

It also works great with 2 users. I have read the deployment notes regarding NAT firewalls, but I can’t get it to work.

The https ports are routed to the Jitsi instance, also udp 10000-20000

Nevertheless, the conference breaks down if a third participant takes part.

Maybe you can give me a hint.

Alex

Have you set up private and public address in jvb config?

Hi damencho,

yes, I configured that:

org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS=x.x.x.x
org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS=x.x.x.x

Hi Damencho,

I followed these instructions:

So these are the problems that can lead to this experience: not working port forwarding, firewall blocking port 10000, not having correct ip-addresses in jvb config for public and private addresses.
It may be that your network does not allow sending/receiving udp, maybe.

Good morning,

if we use the jvb config you mean the /etc/jitsi/videobridge/sip-communicator.properties, right?

The Sophos firewall is set up correctly in my opinion. I will run portscans from external portscans again today.

I will get back to you on this.

That is the config. Does portscan work for udp?
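As an added example (not part of any post in this thread, and not Jitsi project code), a small check for the two NAT harvester keys discussed above, which flags missing, placeholder, swapped or identical addresses. It assumes the bridge's local address lies in an RFC 1918 range; the sample configs and their addresses are constructed.

```python
import ipaddress

LOCAL_KEY = "org.jitsi.videobridge.NAT_HARVESTER_LOCAL_ADDRESS"
PUBLIC_KEY = "org.jitsi.videobridge.NAT_HARVESTER_PUBLIC_ADDRESS"
# RFC 1918 private ranges; assumption: the bridge's own address behind the NAT is in one.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def is_rfc1918(addr):
    """True for an IPv4 address inside one of the RFC 1918 ranges."""
    return addr.version == 4 and any(addr in net for net in RFC1918)

def check_nat_harvester(text):
    """Return a list of problems with the two NAT harvester settings."""
    props, addrs, problems = parse_properties(text), {}, []
    for key in (LOCAL_KEY, PUBLIC_KEY):
        raw = props.get(key)
        if raw is None:
            problems.append(f"{key} is not set")
            continue
        try:
            addrs[key] = ipaddress.ip_address(raw)
        except ValueError:
            problems.append(f"{key} is not an IP address: {raw!r}")
    local, public = addrs.get(LOCAL_KEY), addrs.get(PUBLIC_KEY)
    if local is not None and not is_rfc1918(local):
        problems.append("local address is not in an RFC 1918 range")
    if public is not None and (is_rfc1918(public) or public.is_loopback):
        problems.append("public address is private or loopback")
    if local is not None and local == public:
        problems.append("local and public address are identical")
    return problems

# Constructed sample configs (addresses are made up, not taken from the thread).
GOOD = f"# jvb NAT settings\n{LOCAL_KEY}=192.168.10.5\n{PUBLIC_KEY}=203.0.113.10\n"
SWAPPED = f"{LOCAL_KEY}=203.0.113.10\n{PUBLIC_KEY}=192.168.10.5\n"
PLACEHOLDER = f"{LOCAL_KEY}=x.x.x.x\n"

if __name__ == "__main__":
    for name, cfg in (("good", GOOD), ("swapped", SWAPPED), ("placeholder", PLACEHOLDER)):
        print(name, check_nat_harvester(cfg) or "ok")
```

A clean result only says the two values are plausible; it does not show that UDP actually reaches the bridge through the firewall.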

Hi Damencho,

it seems to be a firewall issue. When I did a portscan, the port range UDP 10000-20000 was not accessible.

Is there a way to use TCP connections only? I think I had read something like that. I just started a topic in the Sophos forum, but I think I have to wait there …

Regards,

Alex

You need turnserver … If you uninstall/purge everything as described in quick install mode, switch to debian unstable repo and install from there, do the let’s encrypt to obtain certs you will get turnserver and jvb on same machine everything behind nginx and tcp will work, but mind that using tcp for media can reduce quality significantly.

Good morning damencho,

I have now got jitsi running behind my Sophos firewall, but I now have the following problem.

If a third or fourth participant enters the session, the quality of the conference will drop completely, up to complete disconnections.

Do you have an idea?

Best regards,

Alex

Hi there,

the Sophos connection problems are finally solved.
For everyone who wants to know, you have to disable the UDP flood protection.

Thx for the support

Alex