- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Site-2-Site VPN with VoIP
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Site-2-Site VPN with VoIP
Hi Everyone,
I apologise in advance if this request for help is in the wrong section.
I've taken on a new customer that has 2 sites with a Fortigate 60E Firewall at each location providing Site-2-Site VPN for Data. This is working flawlessly and they've never had any issues. They recently purchased a VoIP system (prior to being a customer) which is completely separate and runs on its own set of Switches. (each desk has 2 network drops. 1 for Data & 1 for Voice). The VoIP system has been configured with 192.168.10.x with VLAN 100 on those switches. Again, no issue with the phone system at Head Office.
They now want to add IP Phones in their Branch Office and I'm not 100% sure what is the best way to achieve this. Fortinet & Fortigate are new to me so I'm learning as I go.
My first thought was to setup an interface on the Fortigate at the HO as a Voice Gateway (192.168.10.254) and attach it to one of the VoIP Switches. Then Configure the necessary DHCP etc that this is the GW. This gets to the traffic to the Firewall (I believe). I've then got to some how allow this subnet to use the existing Site-2-Site VPN Tunnel and I assume I have to add this Subnet to it. Also, I suspect there must be some sort of QoS that I can set/maybe?!?
At the BO I would do the same but create a Voice Subnet of 192.168.11.x with a GW of 192.168.11.254 which connects to a free port on the Fortigate at the BO. Same setup, allow 192.168.11 to use the existing Site-2-Site VPN. I'll have to configure the switch at the BO with VLAN 100 with DHCP I suspect for the phones, Data is in the default VLAN at the moment and I'm going to use a single switch for both Voice and Data with QoS.
Or...
Can you use the same subnet in both the HO & BO ?!?!? I don't see how this would route successfully but I did read somewhere that certain Cisco units or Sonic Firewall units can do this. Not sure how this would work but maybe it's possible and the correct way to go.
Or...
Would Static IP's (192.168.10.x) work for the Ip Phones in the BO as long as the the BO could route this subnet back to the HO ?
I've read a lots of comments from several different forums regarding this exact requirement of setting up VoIP at a BO over VPN but there has never been a clear indication of the best solution to use, and the more I think about it the more elaborate and stupid my ideas get!!!
I know there are many ways this can be achieved depending on setup and equipment, but I'm not familiar with how Fortigate would recommend to achieve this.
I'm hoping the xperts here can give me a Dummies walkthrough on how I can Achieve this.
Appreciate the help.
So here is the run down of subnets
DATA Subnets
HO - 192.168.100.x
GW - 192.168.100.254
BO - 192.168.101.x
GW - 192.168.101.254
Voice Subnets
HO - 192.168.10.x
GW - 192.168.10.254 (Possibly)
BO - 192.168.11.x (Possibly)
GW - 192.168.11.254 (Possibly)
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can anyone help?
Related Posts
- Site to Site VPN to 2... 198 Views
- Connecting Two SIP Trunks with Different... 273 Views
- Wifi-Bridge with FortiWifi as controller in... 309 Views
- FortiClient and T-Mobile 194 Views
- Fortigate 7.4 IKEv2 Dial-In Clients cannot... 225 Views
Labels
-
FortiGate
6,531 -
FortiClient
1,303 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
414 -
5.6
362 -
FortiSwitch
333 -
FortiAP
333 -
FortiClient EMS
263 -
6.2
251 -
FortiMail
242 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
150 -
6.4
128 -
FortiNAC
106 -
FortiGuard
102 -
FortiSIEM
88 -
FortiGateCloud
87 -
FortiCloud Products
84 -
IPsec
73 -
FortiToken
69 -
Customer Service
69 -
4.0MR3
64 -
SSL-VPN
60 -
Wireless Controller
58 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
SD-WAN
24 -
FortiConnect
23 -
FortiWAN
22 -
Firewall policy
22 -
FortiConverter
21 -
High Availability
20 -
VLAN
19 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
Routing
12 -
FortiAuthenticator
12 -
FortiCASB
12 -
Interface
11 -
Logging
11 -
FortiGate v5.0
10 -
LDAP
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
Virtual IP
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
SSL SSH inspection
6 -
Security profile
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Intrusion prevention
3 -
Automation
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
VoIP profile
2 -
Antivirus profile
2 -
Web profile
2 -
Traffic shaping profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Fortinet Engage Partner Program
2 -
trunk
2 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
FortiPAM
1 -
Application signature
1 -
Multicast routing
1 -
Authentication rule and scheme
1 -
Zone
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.