Softphone can only accept SIP (VoIP) calls when firewall is deactivated

I have tried many settings, but to no avail. The problem I have is that I am in an environment where I cannot influence router port forwarding. The good part is that when I deactivate Comodo Firewall, my softphones (PhonerLite or X-Lite) can accept SIP calls from my registered number at Freenet.de. But as soon as I activate the firewall again, calls do not come through anymore, even though I tried to open up the firewall by several experimental rules.

Can somebody explain to me exactly how I can configure the product in a way which allows me to use my SIP softphones for incoming connections? I do not even see any activity in the firewall’s log, so I have no clue whatsoever what is happening and which rule might block which packets on which ports, so as to selectively and incrementally open up just the necessary “doors” to my system.

BTW, my “about” dialog says: COMODO firewall, version 3.8.65951.477

Can you tell us what open ports are needed for these apps?

Can you show us Global Rules as well as the Application Rules for these programs?

I have attached information from Freenet in a PDF file (in German). But as I said, it works with Comodo Firewall deactivated. Can you explain how to find out which ports I really need? I want to see incoming connections in a log (but the log remains empty so far) or - even better - be alerted and asked upon an incoming call if I want to allow it or not. This way I could interactively create a rule.

BTW, I want to attach another document with screenshots from my application and network security settings, but the GUI here offers just one file to be attached, as it seems. My VoIP applications have the status “trusted application”, and I have no specific ports opened additionally, because it did not work even with a rule to open every port between 1025 and 65000.

Edit: OMG, do I really have to modify the post every time I want to add another attachment? Unbelievable!

[attachment deleted by admin]

You can add more than one image at a time. Simply click on the link saying “more attachments” behind the input field Attach.

I read the PDF and you need to open the ports UDP 3478 and 3479 for the STUN server. For the speech data the ports UDP 16384-16390 need to be opened.

To open ports you need to add them to the Global Rules.
To open the port UDP 3478 and 3479

Go to Firewall → Advanced → Network Security policy → Global Rules → Add → fill in the following:
Action: Allow
Protocol: UDP
Direction: In
Description: Incoming Stun Server traffic

Source address: Any
Destination Address: Choose MAC or Single IP address (only when it is fixed) or Host Name
Source Port: Any
Destination Port: A port range. Fill in the range

Then push Apply → Ok.

Follow the same routine for the other port range. When done make sure the new rules are above the block rule at the bottom.

As I said, this does not work. I just tried and did exactly what you said. I must deactivate the firewall, otherwise incoming calls do not get through. I even created a rule “Allow TCP or UDP from IP Any to IP Any where source port is Any and destination port is Any” (allow all!!!) and made it first global rule, but to no avail. Do I need to restart the computer in order for this to take effect?

How can I analyse this? I am quite technically adept, though no networking expert, but there must be a way to log this or get alerted about what is happening here.

First we need to make sure there are open ports on your router as well. Did you open ports on the router? Can you tell me whether the programs and router support Universal Plug and Play (uPnP)? UPnP, among other things, allows programs to open and close ports on your router.

Eric, please read my previous messages more carefully. As I said, I am in an environment where I cannot influence any router or firewall settings beyond my personal desktop firewall. And as I also said, everything works fine as soon as I set “firewall security level” to “disabled”.

This clearly means that Comodo must be the culprit, because everything works fine with Comodo switched off.

Starting from the assumption that the programs use UPnP and that UPnP is allowed in your network situation, it is mandatory that explorer.exe is set to Outgoing Only or Web browser.

No, I don’t think UPnP is activated. At home I even removed the UPnP daemon from my firmware (I am one of the creators of the Freetz firmware mod) and the symptoms are the same. And by the way, “UPnP NAT” option in PhonerLite is deactivated. Furthermore, I tried to specify explorer.exe as “outgoing only”, “Trusted application” or whatever - it does not work either way.

Please concentrate on what I wrote and please also consider the possibility of a bug in Comodo. The symptoms I see here look very much like a bug, wouldn’t you agree?

Well, finally I took the trouble to install Wireshark and log/analyse the packets going through my system during an incoming SIP call. I saw that SIP invites came as two fragmented IP packages which were reassembled when Comodo was inactive, but obviously dropped or ignored when Comodo was active.

The solution was to deactivate “Firewall → Advanced → Attack Detection Settings → Miscellaneous → Block Fragmented IP Datagrams”, see attached screenshot.

So I was right, Comodo was the source of the problems. Maybe sometimes fragmented datagrams are more than an attack, after all. Hopefully my solution helps others with similar problems, too.

[attachment deleted by admin]
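The capture analysis described in the post above can be reproduced offline. The following is an added example, not part of the original thread: it parses raw IPv4 packets, groups fragments by source, destination, protocol and IP ID, and reports SIP INVITEs that only exist after reassembly. The sample packets are constructed; UDP port 5060 and the documentation-range addresses are assumptions.

```python
import struct
from collections import defaultdict

IP_HDR = "!BBHHHBBH4s4s"   # fixed 20-byte IPv4 header, no options

def ipv4_packet(ident, offset, more, payload):
    """Build one IPv4/UDP fragment for the constructed sample (checksum left 0)."""
    flags_frag = (0x2000 if more else 0) | (offset // 8)   # MF bit + offset in 8-byte units
    return struct.pack(IP_HDR, 0x45, 0, 20 + len(payload), ident, flags_frag,
                       64, 17, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])) + payload

def parse_ipv4(pkt):
    ver_ihl, _, total, ident, ff, _, proto, _, src, dst = struct.unpack(IP_HDR, pkt[:20])
    return {"key": (src, dst, proto, ident), "mf": bool(ff & 0x2000),
            "offset": (ff & 0x1FFF) * 8, "data": pkt[(ver_ihl & 0x0F) * 4:total]}

def reassemble(packets):
    """Return {key: payload} for fragmented datagrams with every fragment present."""
    groups = defaultdict(list)
    for p in map(parse_ipv4, packets):
        if p["mf"] or p["offset"]:            # a fragment has MF set or a non-zero offset
            groups[p["key"]].append(p)
    done = {}
    for key, frags in groups.items():
        frags.sort(key=lambda f: f["offset"])
        buf = b""
        for f in frags:
            if f["offset"] != len(buf):       # hole: a fragment was lost or dropped
                break
            buf += f["data"]
        else:
            if not frags[-1]["mf"]:           # final fragment seen, datagram complete
                done[key] = buf
    return done

def fragmented_sip_invites(packets):
    """List (ip_id, dst_port, sip_bytes) for SIP INVITEs that arrived fragmented."""
    hits = []
    for (_, _, proto, ident), payload in reassemble(packets).items():
        if proto == 17 and payload[8:].startswith(b"INVITE "):
            hits.append((ident, struct.unpack("!H", payload[2:4])[0], len(payload) - 8))
    return hits

# Constructed sample: an oversized INVITE over UDP 5060, split at 1480 bytes as a 1500-byte MTU would.
SIP = b"INVITE sip:user@example.invalid SIP/2.0\r\nX-Pad: " + b"a" * 1600 + b"\r\n\r\n"
UDP = struct.pack("!HHHH", 5060, 5060, 8 + len(SIP), 0) + SIP
SAMPLE = [ipv4_packet(0x1234, 0, True, UDP[:1480]), ipv4_packet(0x1234, 1480, False, UDP[1480:])]

if __name__ == "__main__":
    print(fragmented_sip_invites(SAMPLE))      # both fragments delivered
    print(fragmented_sip_invites(SAMPLE[:1]))  # trailing fragment dropped: INVITE never completes
```

Only the first fragment carries the UDP header, so a port-based allow rule cannot match the later fragments; a filter that discards fragments before reassembly removes the INVITE regardless of the port rules above it.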

Thanks for sharing…

Kudos for your tenaciousness and finding the solution.

It seems that checking “Attack Detection Settings” using the trial-and-error method is always a good idea when you have trouble using any VoIP technology…

My story:
I was unable to hear anything from the other subscriber until I tried clearing the “Do protocol analysis” checkbox.
The software name is “Sippoint Mini” and it is not actually using the SIP protocol, but uses XIMSS instead.