Technical Tip: VoIP and SIP configuration and troubleshooting resource lists
Description
This article provides a list of resources that can be used to configure and troubleshoot VoIP on FortiGate.
Scope
FortiGate.
Solution
| General Settings |
| Title and Links | Description |
| VoIP solutions Fortigate | Official FORTINET libraries and use cases. |
| Technical Tip: Changes in SIP ALG's behavior after upgrading in v7.0 or v7.2 GA versions | Changes in default behavior in v7.0.0 and v7.2.0 for SIP ALG. |
| Technical Tip: What SIP inspection is applied by FortiGate | Identify which inspection mode is used by FortiGate when handling SIP calls. |
| Technical Tip: VOIP calls (using SIP) | Describes a possible fix for failing VOIP calls with FortiGate SIP. |
| Technical Tip: Disabling VoIP Inspection | Disable SIP-inspection on FortiGate and explain the consequences. |
| Technical Tip: SIP ALG to prevent unwanted calls | Use the SIP ALG to prevent the ALG from opening SIP pinholes for unwanted VoIP calls. |
| Technical Tip: VoIP profile to policy where no SIP inspection is required | Apply the VoIP profile where SIP inspection is not required for specific traffic crossing the IPv4 policy. |
| Technical Tip: When to use each VoIP ALG mode setting on FortiGate | Recommended scenarios for to use of each VoIP mode that is available on a FortiGate firewall. |
| Technical Tip: How SIP-ALG and Session helper works in FortiGate | Methods to choose SIP-ALG and Session Helper. |
| Technical Tip: Prevent attackers from using outbound ports/sessions to register to an internal PBX | Prevent malicious actors from trying to register on an internal PBX by scanning the FortiGate WAN IP. |
| Troubleshooting |
| Title and Links | Description |
| Technical Tip: SIP useful Commands | Troubleshooting SIP traffic (sip session-helper or SIP-ALG). |
| Technical Tip: Checking VOIP traffic flow using Wireshark | How to use Wireshark to help view or understand the VOIP flow. |
| Troubleshooting Tip: How to overcome a situation where a SIP call remains active after remote party call termination. | A situation where a SIP call remains active after the remote party's call termination. |
| Troubleshooting Tip: Port 5060 and port 2000 receives getting a SYN-ACK from FortiGate when nmap is initiated toward a non existing IP address | Why is a SYN-ACK seen from FortiGate when nmap is initiated toward a non-existing IP address. |
| Troubleshooting Tip: No audio with SIP, debug flow shows error message 'iprope_in_check() check failed on policy 0, drop' | Issue where no audio is audible for phones, and debug logs show the error 'iprope_in_check() check failed on policy 0, drop' even when a policy is configured. |
| Troubleshooting Tip: One way Audio issue in VOIP (with SIP ALG) | How SIP ALG processes VoIP traffic and why one-way audio issues may occur. |
| Technical Tip: VOIP Profile missing on GUI or UTM Profile | VoIP profiles in the UTM features of the GUI. |
| Troubleshooting Tip: VoIP audio issues due to packet loss - DoS policy thresholds | How to resolve VoIP audio issues caused by packet loss while using FortiGate. |
| Troubleshooting Tip: VoIP traffic logging as a troubleshooting and monitoring tool | Use logging in VoIP profiles to monitor traffic and/or troubleshoot VoIP-related issues in SIP or SCCP protocols. |
| Technical Tip: SIP Helper / ALG preserve source IP and port information | The NAT firewall policy that accepts SIP sessions removes the original IP in SDP. |
| Troubleshooting Tip: How WIFI Calling works (VoWIFI) work through FortiGate | How to successfully establish a VoWIFI call (WIFI Calling Service). |
| Technical Tip: 3CX Server Mapping does not match | Explains why the local 3CX VoIP server trough an error 'Mapping does not match <port>. Mapping is <another_port>'. |
| Troubleshooting Tip: How to overcome a situation where SIP calls are disconnected within 30 seconds after being answered | Why are SIP calls disconnected within 30 seconds after being answered. |
| Troubleshooting Tip: An SIP call cannot be established and the destination party returns an SIP message containing 'Status: 415 Unsupported Media Type' | How to resolve a situation where a SIP call cannot be established and the destination party returns a SIP message containing 'Status: 415 Unsupported Media Type'. |
| Troubleshooting Tip: How to resolve a situation where a SIP calls between branches have no audio | How to resolve a situation where SIP calls between branches have no audio, but calls from branches to the main office (and vice-versa) work fine. |
| Troubleshooting Tip:SIP call cannot be established and the destination party returns a SIP message containing 'Status: 302 Moved Temporarly' | How to resolve a situation where a SIP call cannot be established, and the destination party returns a SIP message containing 'Status: 302 Moved Temporarily'. |
| Technical Tip: How to overcome a situation where a SIP call cannot be established and the destination party returns a SIP message containing 'Status: 488 Not Acceptable Here' | How to resolve a situation where a SIP call cannot be established and the destination party returns a SIP message containing 'Status: 488 Not Acceptable Here'. |
| Troubleshooting Tip: SCCP (TCP port 2000) traffic stops working after upgrading from v7.0.12 to v7.2.7 | This article describes how the VoIPD daemon's default behavior changes in v7.2.7 can impact SCCP (TCP 2000) traffic. |
| Technical Tip: Overcoming SIP registration failure due to wildcard contact field when using FortiGate SIP ALG | How to identify and overcome SIP registration failures due to wildcard contact field when using FortiGate SIP ALG |
List of Resource Lists: Technical Tip: FortiGate Resource Lists.