- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- RE: Hosted SIP provider config help
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hosted SIP provider config help
We have around 50 Cisco IP phones (with SIP fw loaded) configured to use an external hosted SIP provider.
I have configured our phones to use DHCP on own lan with default gw configured as an interface on the fortigate.
So lan subnet 192.168.7.0/24 gw 192.168.7.254 (interface on ftg configured to use this address).
SIP Proxy: Hosted SIP provider ext IP addr
FTG Policy as follows:
PhonelanInt ==> WanInt
Allow: all
Src addr: any
Dest addr: SIP Proxy IP
Service: Any
Phones work mostly ok, but sometimes we get issues with a silence delay of 2 to 5 secs after call connects. The person making a call will hear the phone connect but will have to wait 2 to 5 secs before voice starts working. The same issue is seen when a person receiving the call will answer the phone to silence and will need to wait 2 to 5 secs before voice starts working. The other issue we have is that phones will drop registration and will need to be restarted in order for them to register again. Does anyone have any ideas as to why we get deathly silence on some calls after connection. Has this something to do with RTP sessions and NAT not working correctly? Is there a fw configuration that is suited to a purely hosted SIP provider. I have been pulling my hair out with this, I moved away from ISDN PriRate to save my company on line rental and call costs but reliability is becoming an issue. I have tested one of the SIP providers supplied handsets with their default settings and have the same problem.
Any pointers or tips will be helpful. Thanks.
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Depending on your FortiOS version, it could be load on the SIP helper ... you could maybe disconnect (remove the entry) the SIP helper and create a VoIP profile and apply that to the rule ...
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
i' d suggest to use a recent Patch of either 4.2 or 4.3
Than change the Policy that allows " SIP" to be SIP (udp/tcp 5060) only and not ANY
Under UTM -> Create a new VoIP Profile. lets say " SIP" .
config voip profile
edit " SIP"
set comment " default VoIP profile"
config sip
set log-violations enable
set block-unknown disable
end
end
Attach this Profile in your SIP-Firewall-Policy (we just modified) under UTM Section
Don' t forget to tick NAT - assuming you NAT.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Should I disable sip session-helper, do I need to restart the FW? How do I make sure existing SIP sessions are dead without restarting the FW?
Thanks.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey guys, from the fortigate documentation http://docs.fortinet.com/fgt/handbook/40mr2/fortigate-voip-sip-40-mr2.pdf should I be using the " Source NAT Scenario" on page 65 or the " Destination NAT Scenario" on page 66?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I have done some tests to run SIP trunk over FortiGate. There is no any audio issue. If you have any audio issue over FortiGate, please try following configurations on FortiGate:
config system session-helper
show
edit 20
set name sip
set port 5060
set protocol 17
next
delete 20
end
config system settings
set sip-helper disable
set sip-nat-trace disable
end
config firewall address
edit " all"
next
end
config voip profile
edit " voip_1"
config sip
set hosted-nat-traversal enable
set hnt-restrict-source-ip enable
end
next
end
config firewall policy
edit 1
set srcintf " internal"
set dstintf " wan1"
set srcaddr " all"
set dstaddr " all"
set action accept
set utm-status enable
set schedule " always"
set service " ANY"
set voip-profile " voip_1"
set nat enable
next
edit 2
set srcintf " wan1"
set dstintf " internal"
set srcaddr " all"
set dstaddr " all"
set action accept
set utm-status enable
set schedule " always"
set service " ANY"
set voip-profile " voip_1"
set nat enable
next
end
Thanks,
Wenlong Qin
Related Posts
- FortiGate GRE Tunnel with Dynamically obtain... 119 Views
- issue when disable Nat 80f behind... 273 Views
- IPsec Tunnels not working after firmware... 2530 Views
- Fortigate 200D with Hauwei 3372h Modem... 1479 Views
- Access via WAN Interface and VLan... 1415 Views
Labels
-
FortiGate
6,540 -
FortiClient
1,304 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
414 -
5.6
362 -
FortiSwitch
333 -
FortiAP
333 -
FortiClient EMS
263 -
6.2
251 -
FortiMail
243 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
150 -
6.4
128 -
FortiNAC
106 -
FortiGuard
102 -
FortiSIEM
88 -
FortiGateCloud
87 -
FortiCloud Products
84 -
IPsec
73 -
Customer Service
70 -
FortiToken
69 -
4.0MR3
64 -
SSL-VPN
60 -
Wireless Controller
58 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
Firewall policy
24 -
SD-WAN
24 -
FortiConnect
23 -
FortiWAN
22 -
FortiConverter
21 -
VLAN
20 -
High Availability
20 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiAuthenticator
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
Routing
12 -
FortiCASB
12 -
Interface
11 -
Logging
11 -
FortiGate v5.0
10 -
LDAP
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
Virtual IP
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
SSL SSH inspection
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
Security profile
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Automation
3 -
Intrusion prevention
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
Web profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Fortinet Engage Partner Program
2 -
trunk
2 -
Schedule
1 -
4.0MR1
1 -
SDN connector
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
FortiPAM
1 -
Web rating
1 -
Application signature
1 -
Authentication rule and scheme
1 -
Multicast routing
1 -
FortiManager-VM
1 -
Zone
1 -
Internet Service Database
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.