Contributor
June 30, 2009
Question

VOIP and Port Forwarding

  • 4 replies
  • 3523 views
I have an 80CM on a small network with 3 PCs and 3 Packet 8 IP phones. We have dual WANs and I set up a new service called "Packet 8" with all of the required ports open. I then created a new firewall policy from source all to destination all, set to always and accept for the new service. I then assigned an unfiltered protection profile to this policy. Does this effectively open the ports I need and bypass any filtering? My reason for doing this is to get the best possible QOS for these phones. They have been a little choppy.


    g3rman
    New Member
    June 30, 2009
    Hi Monsterballard, welcome to the forums. You don't even need to assign a protection profile to the policy, just uncheck the protection profile box. Also, depending on what other type of traffic you have going across your firewall it may interfere with your voice, such as file transfers, etc. Also, keep in mind that when making VoIP calls across the Internet (which is what I assume you are doing) there is no way to ensure quality of service past your firewall.
    Contributor
    June 30, 2009
    When I do the connectivity test on the Packet 8 site, it says that the QOS service is unable to produce a constant stream of data. Is there a QOS service feature on this box?
    Contributor
    June 30, 2009
    By the way, I did uncheck the profile for the service, but kept the firewall policy. Thanks for that input.
    rwpatterson
    New Member
    July 13, 2009
    You could use the traffic shaping setting available in each policy to duplicate the QOS you request. The FGT defaults all to high priority, so you have one of 2 options:
  • Set a traffic shaping for each policy to medium, and set the ones to high that you need (less desirable)
  • Set the global default speed to medium and then just upgrade the policies you need to high. The CLI command is:
        config system global
            set tos-based-priority medium
        end
    Good luck
    FortiRack_Eric
    New Member
    July 13, 2009
    Hi Bob, You're right with prio top-base medium, but this can be very tricky on heavily loaded boxes in terms of IO. As with all bandwidth mgt issues. Be very careful and know what you're doing. Otherwise you'll see starvation of sessions. cheers, eric
    laf
    New Member
    July 15, 2009
    Hi, I have an SSL VPN for which I need to prioritize ssl.root - wan1 (NAT) so that some "key clients" can access local servers and navigate the Internet using a "secured Internet connection". There are only two persons, but I was asked to provide them all the BW required. The equipment gets a guaranteed value of 2048kbits on WAN 1. It has to support about 15 users with no real Internet connection requirements. What BW do you recommend I set for the VPN policy? I was thinking to guarantee 180kbytes and a maximum of 300kbytes. Is there a math relation between guaranteed BW and max BW?