X-Lite SIP Phone doesn't like Comodo


I have installed Comodo Firewall Pro today in place of Zone Alarm and I use the computer as a VoIP system with X-Lite as the SIP Phone http://www.counterpath.com/xlite-overview.html. My SIP phone initialises and logs on but after a few minutes it is cut off with a Registration error: 408 - Request timeout.

I have talked with the ADSL and VoIP providers and there is no problem at their end and the only change I made was to the firewall and it worked perfectly until then. If I switch the Comodo Firewall off then I get a good connection but within 15 seconds of re-initialising Comodo the VoIP goes offline. I have added the X-Lite.exe to the “Application monitor” and “allowed” it but there must be something else I need to do, anyone have any (not too technical) ideas?

System: HP Centrino Laptop / Windows XP Pro (all updates) / Comodo Firewall / Norton AV /


Don't allow at once, just recognize what it wants.

That means delete it, and don't click remember at once.

Follow each popup so you get used to what it needs, then begin to make a steady rule.


PS: and you might watch whether there are SUB- buttons on the popups, so you need to allow a dll too.


Welcome to the forums! Check out this thread about X-Lite (I knew I’d seen it before!).
The user there found out it was an issue with CAVS, which had also been installed. Perhaps you did the same?

Looks like (for CFP) an application rule should be all you need; hopefully that thread will help. Per their website, you shouldn’t need any ports opened up for Inbound connections in Network Monitor (no ports to be forwarded); it’s supposed to be an easy go…


Hello meier thanks but I forgot to mention I have been using Comodo on other computers for quite some time but only just started using it with my main VoIP laptop so thanks anyway.

Little Mac, I followed what you said and I have copied the data below, which appeared in the activity logs - minus some of the IP address :)

Any thoughts on what I must do to make Comodo and X-Lite play nicely?


Date/Time :2007-10-02 21:13:09
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Fragmented IP Packet)
Direction: IP Incoming
Source: 87.xxx.240.xxx
Destination: xxx.1xx.1.3
Protocol : UDP
Reason: Fragmented IP packets are not allowed

Date/Time :2007-10-02 21:13:09
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Fake or Malformed UDP Packet)
Direction: UDP Incoming
Source: 87.xxx.240.xxx:5060
Destination: xxx.1xx.1.3:20568
Reason: UDP packet length and the size on the wire(7421 bytes) do not match

So the CAVS’ compatibility issue isn’t your problem?

Based on those two log entries, it looks like Protocol Analysis is getting you. If those entries are directly related to X-Lite, then there are some packet problems. Given that the only other user I’m aware of had no problems between X-Lite and CFP, I’m not sure why you’d have these issues.

Two things I would look at:

  1. Is this type of error consistent and reproducible every time you run X-Lite?
  2. Is the port listed (20568) consistent? If so, is this defined in X-Lite’s configuration anywhere?

Thinking out loud… I know their website says you don’t need to forward any ports (which would = Allow In UDP to Destination Port in Network Monitor), but I’m wondering if with the current version it might be needed? However, if there are packet issues, Intrusion Detection is going to trump Network Monitor and you wouldn’t be able to connect anyway, so that wouldn’t be a solution.

The only thing I can think (no longer out loud) is to try disabling Block Fragmented IP Datagrams in Security/Advanced/Advanced Attack Detection & Prevention/Miscellaneous (if currently enabled). If it’s not enabled already, then disable Do Protocol Analysis.
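
Added example, not part of the thread and not Comodo's code: a minimal sketch of the two checks named in the log entries above, showing how the first fragment of one large UDP datagram can trip both a fragment rule and a UDP length rule. The addresses, payload sizes and function names are constructed for illustration; ports 5060 and 20568 are taken from the log.

```python
import socket
import struct

IP_MF = 0x2000       # IPv4 "more fragments" flag
IP_OFFMASK = 0x1FFF  # fragment offset field, in 8-byte units


def build_packet(udp_len_field, carried, mf=False, offset=0):
    """Constructed sample: IPv4 header plus `carried` bytes of UDP data.

    Only the first fragment (offset 0) carries the UDP header.
    Checksums are left at zero because inspect() does not verify them.
    """
    flags_frag = (IP_MF if mf else 0) | (offset & IP_OFFMASK)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + carried, 0x1234,
                     flags_frag, 64, socket.IPPROTO_UDP, 0,
                     socket.inet_aton("192.0.2.1"),     # documentation range
                     socket.inet_aton("198.51.100.3"))  # documentation range
    udp = struct.pack("!HHHH", 5060, 20568, udp_len_field, 0)
    body = b"\x00" * carried if offset else udp + b"\x00" * (carried - 8)
    return ip + body


def inspect(packet):
    """Return the checks a per-packet (non-reassembling) filter would trip."""
    findings = []
    ver_ihl, _, total_len, _, flags_frag, _, proto = struct.unpack(
        "!BBHHHBB", packet[:10])
    ihl = (ver_ihl & 0x0F) * 4
    offset = flags_frag & IP_OFFMASK
    if flags_frag & IP_MF or offset:
        findings.append("fragmented")
    # The UDP header exists only in the fragment with offset 0, and its
    # length field describes the whole datagram, not this fragment.
    if proto == socket.IPPROTO_UDP and offset == 0:
        udp_len = struct.unpack("!H", packet[ihl + 4:ihl + 6])[0]
        if udp_len != total_len - ihl:
            findings.append("udp_length_mismatch")
    return findings


# Constructed inputs: one unfragmented datagram, then the first and last
# fragments of a 3008-byte UDP datagram sent over a 1500-byte MTU link.
WHOLE = build_packet(508, 508)
FIRST_FRAGMENT = build_packet(3008, 1480, mf=True)
LAST_FRAGMENT = build_packet(0, 48, offset=370)

if __name__ == "__main__":
    for name in ("WHOLE", "FIRST_FRAGMENT", "LAST_FRAGMENT"):
        print(name, inspect(globals()[name]))
```

A filter that reassembles the datagram before comparing lengths would not report the mismatch, since the UDP length field matches the reassembled payload.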


Hi Little Mac

thanks for that, I couldn’t find any mention of port 20568 in my desktop X-Lite, maybe it is a little deeper than I can reach??

I used your “fix” of disabling “block fragmented ip datagrams” which didn’t work on its own but when I also disabled “do protocol analysis” it did work.

I don’t know how vulnerable that leaves my system though, I may well sleep on it and re-install Zone Alarm tomorrow.

Thanks, at least you “cracked it”


After having disabled Protocol Analysis, did you re-enable Block Fragmented…? I’d like to know if it works with just the one.

These are global settings, and do decrease your level of security. I don’t know why the packets would be messed up; it would seem to be some issue with the application and/or physical hardware configuration (router, etc) somewhere along the way.

I know that with some applications (p2p, some gaming consoles) for some users, the only way to get them to work is to disable some of these settings. As a “work-around” you could disable when using X-Lite and re-enable after. That may not be quite so handy, though…

You had ZA installed before… There are a lot of users posting issues (with strange problems) due to the way ZA doesn’t properly uninstall. You might look into remnants of ZA still on your computer. IF there are any pieces of it left, it may be getting in the way. Wouldn’t be the first time. Here’s one link into a thread discussing such removal:



I just “re-ticked” Block Fragmented and it still works although that is the only box out of the 5 available that is ticked.


Normally, Do Protocol Analysis is all that a regular user would have on. The others are typically not necessary and degrade performance unnecessarily. However, given that you’re turning that one off, I would consider it good to have Block Fragmented on.

BTW, from the thread I linked, here is a post with a very detailed explanation from ZoneLabs about the uninstall of ZA. You might check the component list to see if any of these are floating around. Also check in Services, your Startups, etc. It may have nothing to do with ZA, but this would fit with other ZA issues I’m aware of, and would be a relatively easy fix to the problem (if indeed that’s the case). https://forums.comodo.com/help/i_cant_post-t7369.0.html;msg55486#msg55486