shane95129
New Member
September 11, 2019
Question

Fortigate blocking incoming SIP traffic for remote clients


Hey everyone,

 

I currently have a Cloud PBX running with a public IP address, and I am trying to register a SIP client to it. I am seeing packets hitting the PBX; however, all incoming packets are being denied. Please see attached for pictures.

 

I have also created a policy to allow all incoming traffic from 149.xxx.xxx.xxx into my local subnet. I have tried with and without NAT on both the SIP client and Fortigate.

 

SIP ALG helper and session helper are also disabled. We currently have a working setup with a PBX hosted behind the FortiGate; however, we are in the process of migrating it to the cloud due to power issues at our office location.

 

Any help would be greatly appreciated!

 

Thanks in advance.

 

    1 reply

    sw2090
    SuperUser
    September 11, 2019

    Hm, that doesn't provide much information.

    I'd suggest doing some flow trace to see what really happens to your packets. This provides more info, like which policy was matched or whatever happened to the packet.

     

    diag debug ena

    diag debug flow filter clear

    diag debug flow filter <rule>  (for some filtering like src or dest ip)(you might get lost without filters *g*)

    (diag debug flow filter list shows you a list and state of filters)

    diag debug flow trace start <numberofpackets>

     

    Then watch the CLI and do some SIP.

    Maybe this gives you a clue?
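
An added example, not part of the reply above: a small Python helper that reads saved flow-trace output and reports, per traced packet, whether it was allowed or denied and by which policy. The sample lines are constructed and only modeled on the usual shape of FortiOS flow-trace messages (your firmware may word them differently); `summarize` is a hypothetical name.

```python
import re

# Constructed sample, modeled on the usual shape of FortiOS flow-trace output.
# Addresses (documentation ranges), interface names and policy ids are made up.
SAMPLE_TRACE = """\
id=20085 trace_id=1 func=print_pkt_detail line=5363 msg="vd-root received a packet(proto=17, 203.0.113.10:5060->192.0.2.20:5060) from wan1."
id=20085 trace_id=1 func=vf_ip_route_input_common line=2583 msg="find a route: flag=04000000 gw-192.0.2.20 via internal"
id=20085 trace_id=1 func=fw_forward_handler line=586 msg="Denied by forward policy check (policy 0)"
id=20085 trace_id=2 func=print_pkt_detail line=5363 msg="vd-root received a packet(proto=17, 203.0.113.10:5060->192.0.2.20:5060) from wan1."
id=20085 trace_id=2 func=fw_forward_handler line=737 msg="Allowed by Policy-12:"
"""

LINE_RE = re.compile(r'trace_id=(\d+) func=\S+ line=\d+ msg="(.*)"\s*$')
PKT_RE = re.compile(r'received a packet\(proto=\d+, (\S+?)->(\S+?)\) from (\S+?)\.?\s*$')
DENY_RE = re.compile(r'Denied by (.+?) \(policy (\d+)\)')
ALLOW_RE = re.compile(r'Allowed by Policy-(\d+)')


def summarize(trace_text):
    """Group trace lines by trace_id and return one verdict record per packet."""
    packets = {}
    for raw in trace_text.splitlines():
        line = LINE_RE.search(raw)
        if not line:
            continue  # CLI prompts, blank lines, other debug output
        tid, msg = int(line.group(1)), line.group(2)
        rec = packets.setdefault(tid, {"src": None, "dst": None, "in_if": None,
                                       "verdict": "unknown", "policy": None})
        if (m := PKT_RE.search(msg)):
            rec["src"], rec["dst"], rec["in_if"] = m.group(1), m.group(2), m.group(3)
        elif (m := DENY_RE.search(msg)):
            rec["verdict"], rec["policy"] = "denied: " + m.group(1), int(m.group(2))
        elif (m := ALLOW_RE.search(msg)):
            rec["verdict"], rec["policy"] = "allowed", int(m.group(1))
    return packets


if __name__ == "__main__":
    for tid, rec in summarize(SAMPLE_TRACE).items():
        # Policy 0 is the implicit deny: no configured policy matched the packet.
        note = " (implicit deny, no policy matched)" if rec["policy"] == 0 else ""
        print(f"trace {tid}: {rec['src']} -> {rec['dst']} via {rec['in_if']}: "
              f"{rec['verdict']}, policy {rec['policy']}{note}")
```

A packet denied by policy 0 never matched any configured policy, so the thing to check is the allow rule's interfaces, addresses and service rather than SIP itself.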

    kubimike
    New Member
    September 12, 2019

    Best to follow this guide. I had all kinds of SIP issues. This solved them all; this ALG feature should be OFF by default!

     

     

    https://www.vatacom.com/knowledge-base/disable-sip-alg-fortigate-firewalls/