Description |
This article describes how to effectively manage Webex voice calls and video media streams while ensuring the DOS policy is enabled on the FortiGate.
The Webex voice calls utilize a range of UDP ports for communication, which may vary based on the Webex service and version in use.
It is essential to note that the specified port ranges have the potential to trigger the UDP Flood threshold in FortiGate's default settings for IPv4 DOS Policy, leading to the dropping of UDP sessions by FortiGate. As a result, Webex calling may experience problems like call freezing, drops, or severe stuttering. To mitigate this, ensure that the UDP ports used by Webex are allowed through the DOS Policy while still maintaining effective DOS Protection. |
Scope | FortiGate versions 6.2.x, 6.4.x, 7.0.x, 7.2.x, 7.4.x and above. |
Solution |
Generally, the following UDP ports are employed for Webex voice calls and video media streams:
These ports are utilized for Webex Calling, which includes voice calls and video calls made through the Webex platform. The signaling traffic is handled through UDP ports 9000 to 9009, and the actual media (audio and video) is transmitted through UDP ports 16384 to 32767. Note: The port ranges are subject to change or customization by the Webex service provider. Make sure to verify the specific port requirements with the WebEx service provider or refer to the official documentation for the specific version of WebEx being used.
Read more in Port Reference Information for Webex Calling - Webex help.
Due to the DOS policy dropping UDP sessions for Webex, it is essential to allow the specific UDP ports used by Webex while still maintaining effective DOS Protection.
In this DOS policy, ensure UDP Flood is set to Disable or Monitor.
This implies that only traffic matching UDP ports 9000 to 9009 and 16384 to 32767 will be affected by this DOS policy and allowed through. Any other traffic not meeting these criteria will be handled by the DOS policies positioned below it. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.