VoIP/SIP traffic problems, RTP ports being changed by Fortigate

Author
soundxplorer
2020/09/16 09:14:05

Some background on the problem - I've had this happen before and fixed it with someone else's help. I think the "set contact-fixup disable" command fixed it before.
Now suddenly the problem is back, and seemingly without me making any config changes in our FG100E.
We have a VoIP device on our LAN, and it requires me to do port translations to access all the channels (for example, for channel #3, UDP 5060 gets translated to UDP 5063).
The problem is that the Fortigate seems to translate some ports into the 7000 range instead, and I know this is what the SIP-Helper does by default.
In my config, SIP ALG is handling the SIP traffic, which I confirmed with this command: diag sys sip-proxy stat
I also have these settings in the config:
 
config system settings
    set sip-nat-trace disable
end

config voip profile
    edit "VoIP"
        config sip
            set contact-fixup disable
        end
    next
end
 
So, here's the behavior I see when I do a packet capture within the Fortigate.
The SIP negotiation works fine; it translates ports 5060 to 5063 correctly.
The problem then begins when the RTCP/RTP traffic starts.
I have RTP set to translate to port 6035, but my packet capture shows "Src Port: 6035, Dst Port: 7259".
I cannot figure out why it is getting changed to port 7259. I don't see anything in the text config that lists that range.
Any ideas?
#1
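
One way to check which signalled addresses and ports a firewall rewrote is to compare the same SIP message captured on the LAN side and on the WAN side. This is an added example, not part of the original post: the two messages are constructed, the addresses are documentation ranges, the post's port numbers are reused only as sample values, and the function names are hypothetical.

```python
import re

# Constructed sample: one INVITE as it might look on the LAN side of the
# firewall and again on the WAN side. Addresses are documentation ranges;
# ports 5063, 6035 and 7259 are reused from the post as sample values only.
LAN_INVITE = (
    "INVITE sip:100@198.51.100.20:5060 SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5063;branch=z9hG4bK1\r\n"
    "Contact: <sip:gw@192.0.2.10:5063>\r\n"
    "Content-Type: application/sdp\r\n\r\n"
    "v=0\r\no=- 1 1 IN IP4 192.0.2.10\r\ns=-\r\n"
    "c=IN IP4 192.0.2.10\r\nt=0 0\r\n"
    "m=audio 6035 RTP/AVP 0\r\n"
)
WAN_INVITE = (LAN_INVITE.replace("192.0.2.10", "203.0.113.5")
              .replace("m=audio 6035", "m=audio 7259"))


def signalled_endpoints(sip_message):
    """Extract the address/port values a SIP ALG may rewrite."""
    head, _, sdp = sip_message.partition("\r\n\r\n")
    found = {}
    m = re.search(r"^Contact:[^\r\n]*?sips?:(?:[^@>\s]+@)?([^:;>\s]+)(?::(\d+))?",
                  head, re.M | re.I)
    if m:
        found["contact"] = (m.group(1), int(m.group(2) or 5060))
    m = re.search(r"^c=IN IP4 (\S+)", sdp, re.M)
    if m:
        found["sdp_connection"] = m.group(1)
    for kind, port in re.findall(r"^m=(\w+) (\d+) ", sdp, re.M):
        found["sdp_media_" + kind] = int(port)  # RTP port; RTCP defaults to port + 1
    return found


def rewritten_fields(lan_message, wan_message):
    """Return {field: (lan_value, wan_value)} for every value that differs."""
    lan, wan = signalled_endpoints(lan_message), signalled_endpoints(wan_message)
    return {k: (lan.get(k), wan.get(k))
            for k in sorted(set(lan) | set(wan)) if lan.get(k) != wan.get(k)}


if __name__ == "__main__":
    for field, (before, after) in rewritten_fields(LAN_INVITE, WAN_INVITE).items():
        print(f"{field}: {before} -> {after}")
```

Running the same comparison on the 200 OK from the far end shows which RTP port each side announced, which can then be matched against the ports seen in the RTP capture.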
