FortiGate
ACARIMO
Staff
Article Id 339972
Description
This article describes a solution for a situation where a SIP call remains active after remote party call termination.
Scope
SIP phones connected behind FortiGate, registering on an external PBX/VoIP provider and with no SIP inspection on FortiGate.
Solution

When the 3-way handshake for a SIP call termination (BYE/200 OK (BYE)/ACK) does not complete, one side of the call remains active. Because of that, VoIP providers may continue to charge for the call, resulting in a higher bill at the end of the month.

When running a packet capture for a call on both the external and internal interfaces of FortiGate, several BYE messages for the same call can be seen arriving on the external interface, but none are forwarded to the corresponding SIP phone on the internal interface, meaning that FortiGate is dropping those packets.

One simple solution for this situation is to enable the option 'preserve-source-port' on the outbound firewall policy that allows the SIP traffic to flow from the internal interface to the external interface of FortiGate towards the VoIP provider/external PBX.
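
The capture comparison described above can be automated, both to confirm the symptom and to re-check after the policy change. The following is an added example, not part of the original article or Fortinet tooling: it assumes the SIP messages have already been exported as text from the two captures, and the interface labels, addresses and Call-IDs are constructed sample data.

```python
from collections import defaultdict

def sip(start_line, call_id, cseq):
    """Build a minimal SIP message (constructed sample data only)."""
    return f"{start_line}\r\nCall-ID: {call_id}\r\nCSeq: {cseq}\r\n\r\n"

# Constructed sample: (capture interface, raw SIP message).
# Call a1 shows the symptom (BYE repeated outside, never seen inside);
# call b2 terminates normally.
BYE_A1 = sip("BYE sip:1001@203.0.113.10:5060 SIP/2.0", "a1@pbx.example", "2 BYE")
SAMPLE = [
    ("external", BYE_A1),
    ("external", BYE_A1),
    ("external", BYE_A1),
    ("external", sip("BYE sip:1002@203.0.113.10:5060 SIP/2.0", "b2@pbx.example", "2 BYE")),
    ("internal", sip("BYE sip:1002@192.168.1.20:5060 SIP/2.0", "b2@pbx.example", "2 BYE")),
    ("internal", sip("SIP/2.0 200 OK", "b2@pbx.example", "2 BYE")),
]

def parse(raw):
    """Return (method, call_id); method is None for SIP responses."""
    lines = raw.split("\r\n")
    first = lines[0]
    method = None if first.startswith("SIP/2.0") else first.split(" ", 1)[0]
    call_id = None
    for line in lines[1:]:
        if not line:          # blank line ends the header section
            break
        name, _, value = line.partition(":")
        if name.strip().lower() in ("call-id", "i"):   # "i" is the compact form
            call_id = value.strip()
    return method, call_id

def stuck_calls(packets, outside="external", inside="internal"):
    """Map Call-ID -> count of BYEs seen outside, for calls where no BYE
    was forwarded to the inside interface."""
    seen = defaultdict(lambda: defaultdict(int))
    for iface, raw in packets:
        method, call_id = parse(raw)
        if method == "BYE" and call_id:
            seen[call_id][iface] += 1
    return {cid: c[outside] for cid, c in seen.items()
            if c[outside] and not c[inside]}

if __name__ == "__main__":
    for cid, count in stuck_calls(SAMPLE).items():
        print(f"{cid}: {count} BYE(s) on external, none forwarded to internal")
```

A Call-ID reported here matches the pattern in the article: the BYE reached the external interface but never reached the phone.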
