Fortigate blocking incoming SIP traffic for remote clients

Author
shane95129
2019/09/10 23:01:45 (permalink)

Hey everyone,
 
I currently have a Cloud PBX running with a public IP address, and I am trying to register a SIP client to it. I am seeing packets hitting the PBX; however, all incoming packets are being denied. Please see attached for pictures.
 
I have also created a policy to allow all incoming traffic from 149.xxx.xxx.xxx into my local subnet. I have tried with and without NAT on both the SIP client and Fortigate.
 
SIP ALG helper and session helper are also disabled. We currently have a working setup with a PBX hosted behind the Fortigate; however, we are in the process of migrating it to the cloud due to power issues at our office location.
 
Any help would be greatly appreciated!
 
Thanks in advance.
 

#1

    sw2090
    Re: Fortigate blocking incoming SIP traffic for remote clients 2019/09/10 23:11:05 (permalink)
    Hm, that doesn't provide much information.
    I'd suggest doing a flow trace to see what really happens to your packets. This provides more info, like which policy was matched or whatever happened to the packet.
     
    diag debug ena
    diag debug flow filter clear
    diag debug flow filter <rule>  (for some filtering like src or dest ip)(you might get lost without filters *g*)
    (diag debug flow filter list shows you a list and state of filters)
    diag debug flow trace start <numberofpackets>
     
    Then watch the CLI and do some SIP.
    Maybe this gives you a clue?
    #2
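A small parser for the flow-trace output suggested above, as an added example that is not part of the thread: it groups lines by trace_id and reports which policy allowed or denied each packet. The sample lines are constructed in the usual flow-trace layout with documentation addresses; the function names and message wording are assumptions and may differ between FortiOS versions.

```python
import re

# Constructed sample in the usual flow-trace line layout (assumed wording;
# documentation addresses, not values from the thread).
SAMPLE = """\
id=20085 trace_id=1 func=print_pkt_detail line=5501 msg="vd-root:0 received a packet(proto=17, 203.0.113.20:5060->10.0.0.50:5060) from wan1."
id=20085 trace_id=1 func=vf_ip_route_input_common line=2596 msg="find a route: flag=04000000 gw-10.0.0.50 via internal"
id=20085 trace_id=1 func=fw_forward_handler line=601 msg="Denied by forward policy check (policy 0)"
id=20085 trace_id=2 func=print_pkt_detail line=5501 msg="vd-root:0 received a packet(proto=17, 10.0.0.50:5060->203.0.113.20:5060) from internal."
id=20085 trace_id=2 func=fw_forward_handler line=771 msg="Allowed by Policy-12: SNAT"
"""

LINE = re.compile(r'trace_id=(\d+) func=(\S+) line=\d+ msg="(.*)"\s*$')
PKT = re.compile(r'received a packet\(proto=(\d+), (\S+?)->(\S+?)\).*?from ([\w-]+)')
ALLOW = re.compile(r'Allowed by Policy-(\d+)')
POLICY = re.compile(r'policy (\d+)')


def summarize(text):
    """Group trace lines by trace_id and return one verdict record per packet."""
    traces = {}
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # banner lines, prompts, wrapped output
        tid, func, msg = int(m.group(1)), m.group(2), m.group(3)
        rec = traces.setdefault(tid, {"trace_id": tid, "verdict": "unknown",
                                      "policy": None, "decided_in": None})
        if (p := PKT.search(msg)):
            rec.update(proto=int(p.group(1)), src=p.group(2),
                       dst=p.group(3), iface=p.group(4))
        elif (a := ALLOW.search(msg)):
            rec.update(verdict="allow", policy=int(a.group(1)), decided_in=func)
        elif "denied" in msg.lower() or "drop" in msg.lower():
            d = POLICY.search(msg)
            # policy 0 is the implicit deny: no configured policy matched
            rec.update(verdict="deny", policy=int(d.group(1)) if d else None,
                       decided_in=func)
    return list(traces.values())


if __name__ == "__main__":
    for r in summarize(SAMPLE):
        print(f"trace {r['trace_id']}: {r.get('src')} -> {r.get('dst')} "
              f"in={r.get('iface')} verdict={r['verdict']} policy={r['policy']}")
```

A deny on policy 0 means the packet fell through to the implicit deny, so the allow policy either does not match the packet's interfaces, addresses or service, or sits below a rule that matched first.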
    kubimike
    Re: Fortigate blocking incoming SIP traffic for remote clients 2019/09/12 12:09:23 (permalink)
    Best to follow this guide. I had all kinds of SIP issues. This solved them all; this ALG feature should be OFF by default!
     
     
    https://www.vatacom.com/knowledge-base/disable-sip-alg-fortigate-firewalls/

    #3