Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
shareDnC
New Contributor

Created on ‎07-26-2019 12:59 AM

FortiGate 30E and our softphone system, looking for help

Dear Fortinet community,

 

our company is using Aircall for our phonecalls. Aircall is a software which allows you to call directly via. your computer, only thing you need is internet.

But here is where the trouble begins. 

 

It seems like, that our FortiGate is blocking our sofware Aircall - but just sometimes.

Like every 10. call doesn't work.

 

My question now is (since we literally checked everything else already), if FortiGate could be the problem here.

Does FortiGate block some actions like softphone calling?

 

Also another short question:

 

Right now our FortiGate is connected to our Router with Ethernet (from Port 3). What happens, if I pull the cable right now out of the FortiGate port 3? Does this trigger an internet-crash in our building, or will nothing happen?

This way I could login to FortiGate and take a look into the settings, but my fear is, that the internet will go down.

 

Thanks to everyone who can help me somehow!

 

Best, 

 

Nicolas

3913
0 Kudos
4 REPLIES 4
Toshi_Esumi
SuperUser
SuperUser

Created on ‎07-26-2019 02:13 PM

First, to understand the topology, is your internet terminated at your router or FG30E? Depending on how you placed your FGT between internet and your LAN, all users likely lose all internet obviously.

 

Then the second part is about your phone service. If the phone calls works 100% of times when a laptop with the app connected to a public WiFi services or wired internet services at a hotel?

And if that's the case, is the service based on SIP or H323? Then FGT's session helpers and/or ALG are likely acting up and messing up the ports. So you can try disabling them by following below:

https://kb.fortinet.com/kb/documentLink.do?externalID=FD36405

 

But settings for voip process handling with FGT's session helper/ALG are mostly trial & error. Disabling those first generally solves most of problems but might need further adjustments. If possible, seek help from Fortinet TAC. That's the fastest way to solve those problems unless you're too familiar with session helpsers/ALG with other FWs.

 

2111
0 Kudos
shareDnC
New Contributor
In response to Toshi_Esumi

Created on ‎07-29-2019 07:20 AM

Dear Toshi,

 

first of all, thanks a lot for your help!

So it seems this could be our solution, which would be great.

 

Here are pictures of our cables, maybe you can tell me, if our FG30E is terminated directly with our internet.

I am super sorry for the chaotic cable management, this wasn't my fault. :)

 

This is our FG30E, below that, you can see our Ethernet Access below (OneAccess 1322).

Here you can see the yelow cable in "wan", which is connectect with the Ethernet Access.

The Ethernet Access (OneAccess 1322) got a cable, which goes straight to the phone line jack.

The white/grey cable in the FG30E Port 3 goes to the "wan" port in our router (Fritz.Box).

 

This is our beautiful router. Here you can see (on the left) the grey/white cable from the FG30E which goes to the "wan" port in our Router.

The two yellow ones are going into our Ethernet-Plugins from the Building.

 

Here are two more pictures without any comment

 

My question: Can I pull the port 3 cable (white/grey), which is connected from FG30E Port 3 to our Router WAN Port, without crashing the internet in our building.

 

Otherwise I have to do it on the weekend when nobody is here.

 

Thank you very much guys and I am sorry for my lack of knowledge.

 

Best regards,

 

Niclas

2111
0 Kudos
Toshi_Esumi
SuperUser
SuperUser
In response to shareDnC

Created on ‎07-29-2019 09:41 AM

No, I can't tell either way because I don't know what the OneAccess device does. And if you don't know, you have to do it in a maintenance window any way. I suggest you draw a diagram and how each computre can get to the internet through those device in which order first.

2110
0 Kudos
Dave_Hall
Honored Contributor
In response to Toshi_Esumi

Created on ‎07-29-2019 02:22 PM

Hi Nicolas.

 

I agree with Toshi - the description of the problem and how your network/wan layout is cryptic.  It seems there are three devices here:

- FGT 30E

- Fritz!Box gateway device

- OneAccess router device

 

Plus the AirCall software.

 

Since the OneAccess is connected to the fgt's WAN port, I am assuming that is your office's WAN/Internet connection. 

 

The fgt's Port3 appears to be connected to the Fritz!Box, which you seem to indicate "two yellow ones are going into our Ethernet-Plugins from the Building", so I assume the Fritz!Box is connected to your internal network.  

 

I don't think we can fully answer your questions without learning more about your network layout and how those devices are connected.  There maybe somethings happening on the Fritz!Box if it is wedged in between the fgt 30E and your company's internal network.  That being said, you may be able to discern if the memory/cpu/session resources on the 30E is being overly taxed - log into the fgt's GUI and check the resource section...

 

 

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Preview file
55 KB
2111
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.