Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
John_Williamson
New Contributor III

VPN and Mitel Connect VoIP software - no audio

We are having an issue where users, using our VPN connection, with the Fortinet VPN client and using the Mitel Connect software do not get the audio portion of a phone call. Neither side of the call can hear each other. The this feature with "soft phone" works, when the computer is internal and not making use of the VPN.  I don't know if it is a setting in the Fortigate or an issue with the Mitel software.

 

What are the best practices and settings for VoIP calls through the firewall ?

 

 

 

 

19 REPLIES 19
dsteinbach
New Contributor

I'm sorry if this is being double posted.

 

We are having the same issue using SSL-VPN on a FortiGate 301E and Mitel Connect.  It appears that the UDP packets that carries the audio for Mitel Connect is not passing through the VPN.  I wonder if the UDP packets can not be encrypted therefore it is not allow to pass through the VPN.  Is the a way to have UDP pass through a SSL-VPN or would an IPsec VPN work better? Thanks.

John_Williamson

Have you been able to show SIP packets and UDP packets being blocked ? I am still trying to find where the traffic stops so I can focus on that. 

 

 

kulas

I do have this same issue. Hope someone could help us about this.

John_Williamson

Some packet sniffing inside the our Fortigate shows an error getting to UDP port 10000 coming from the VPN device into our network, but no errors going from inside to out the VPN. We have a specific service for the VoIP phones that covers this port and 'all' services are allowed with this VPN tunnel, so there must be something not obvious that needs changing.

 

 

localhost

VOIP issues are often a pain to troubleshoot.

 

If you have guys already tried to disabling the SIP session helper or SIP Application layer gateway?

 

See following Link:

https://doc.boll.ch/virtual/1534/FortiOS_-_SIP_deaktivieren_v1.2.pdf

 

Document is in german, but google translate does a decent job translating it.

John_Williamson

Yes. I have disabled SIP helper and the Gateway is set differently. 

 

I think the issue is not so much the SIP, because the phone call is setup , and I can answer the call, which is what the SIP part is supposed to do, but the audio data is not making it. 

 

 

localhost

The SIP helper/ALG reads the traffic, modifies IP's and opens ports for the audio the pass.

So this could very well be an SIP helper/SIP ALG issue.

 

You are most likely using ALG-mode - in this case changing SIP helper settings has no impact.

Can you verify with:

# show full | grep default-voip

set default-voip-alg-mode proxy-based

 

And then verifiy your ALG settings are disabled.

fgt # config voip profile

fgt (profile) # edit default

fgt (default) # config sip

fgt (sip) # set status disable

fgt (sip) # set rtp disable

fgt (sip) # end

fgt (default) # next

fgt (profile) #

end

 

 

John_Williamson

I changed the ALG to proxy based at the same time. 

 

 

kulas

I've opened a ticket on this issue and it's working now.

Labels
Top Kudoed Authors