OK, what' s the secret to make IP phones work?

I ran into the same issues using Cisco IP Phone and the Cisco Call Manager servers. The Fortinet SIP-Helper stuff is supposed to work, but it doesn' t. I ran into issues that some versions of the firewall firmware would work as expected and some would break it, or if it did work the SIP helper would intermittently only give one way audio. Truly, a big pain in the butt. I just ended up placing our Cisco VOIP Router outside of the firewall and had all of the external SIP traffic route through it. This removed the need for NAT’ing by the Fortinet firewall and it has been running perfect since then. In my opinion, the fortinet can’t reliably NAT SIP traffic. Either have a VOIP Router do it, or maybe move to IPv6 which removes the need for NAT.

You have deleted the sip helper, but are you disabled then rebooted Fortigate? config system settings set sip-helper disable end exec reboot I ALWAYS use a NAT Full (1:1) for SIP servers regards, Paulo Raponi

Are these phone really SIP , cause by default they are SCCP ( aka skinny )? has the VoIP conducted any diagnostic to see where/what is failing? and at minimum execute and phone traces? What I' ve done and seen more and more of, are SIP-proxies and or a isolate Voip-gateway. These designs make it easier for VoIP operations.

I had the same issues with IP phones. After I delete SIP helper worked ok. Still try all the solutions posted here.

I have several sites using hosted IP phones and the only problems Ive ever had are with the sip helper. I always disable and remove it. If you can ping the ip address of the sip server (pbx) and have fairly low jitter then they should be working. There are some cases where you have to tell the phones that they are going through a natted device but usually this is automatically done on most new phones.

I have 60C running MR 3 patch 5 and two ISP (2nd is for backup). Every time it switches from ISP 1 to ISP 2, IP Phones will not register any more although SIP Server shows all extension as registered. The solution I got is to change the local IP of the phones. But this is crazy as I have more than 50 IP Phones. (SIP Server is outside LAN).

I too have more than 50 phones on a hosted service, over SIP. Fortunately I haven' t had too many issues yet. Your mileage may vary, but my phone vendor provided me a list of things that they prefered I do: Here are some general settings that should be configured on the router located in your office: SPI - disabled (Yah sure) IP Sec - disabled (Not gonna happen) SIP ALG - disabled (Interesting) Firewall - disabled (When hell freezes over) QOS info: (ports that needs to be prioritized): (Here we go) UDP 5060 UDP 5199 UDP 3478 - 3480 UDP 15044 UDP 16384 - 16404 UDP 2222 - 2269 TCP 16000 TCP 80 TCP 443 So far, so good.