MichaelTorres
Article Id 366974
Description

This article describes a common issue where calls cannot be established when SIP trunks use port 5064 for the SIP communication protocol.

Scope

FortiGate.

Solution

Network diagram:

[Image: network diagram]


In environments where users deploy multiple SIP trunks with different carriers, the ports used for the SIP communication protocol may differ from the conventional 5060.

In the above diagram, one VoIP carrier is set with port 5060 (default) and the other SIP carrier with port 5064 for the SIP communication.

 

By default, FortiGate uses port 5060 for the SIP communication protocol. The default SIP session helper is configured with this port:

 

config system session-helper
    edit 13
        set name sip
        set protocol 17
        set port 5060
    next
end

 

Sessions for the VoIP 1 provider are correctly established. To verify that the traffic is using the pinhole ports (session helpers), list the sessions with the following commands:

 

diagnose sys session filter src x.x.x.x <----- Replace x.x.x.x with the IP of the PBX.

diagnose sys session list

 

However, calls from the VoIP 2 provider do not get established, even though firewall policies and routing are correctly configured.

 

Solution:

Create another SIP session helper using the SIP port 5064.

 

config system session-helper
    edit 23
        set name sip
        set protocol 17
        set port 5064
    next
end
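
To confirm that every SIP trunk port has a matching helper, the `config system session-helper` block of a saved configuration can be checked offline. The Python below is an added example, not part of the original article or Fortinet tooling; the sample configuration text (including the tftp entry and its ID) is constructed, and the function names are hypothetical.

```python
# Constructed sample of a saved FortiGate config before the fix (not real device output).
SAMPLE_BEFORE = """\
config system session-helper
    edit 13
        set name sip
        set protocol 17
        set port 5060
    next
    edit 14
        set name tftp
        set protocol 17
        set port 69
    next
end
"""
# Same sample with the article's new entry (edit 23) added.
SAMPLE_AFTER = SAMPLE_BEFORE.replace("end\n", "    edit 23\n        set name sip\n"
    "        set protocol 17\n        set port 5064\n    next\nend\n")

def parse_session_helpers(config_text):
    """Return one dict per 'edit' entry in 'config system session-helper'."""
    helpers, current, in_block = [], None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config system session-helper":
            in_block = True
        elif not in_block:
            continue
        elif line == "end":
            break
        elif line.startswith("edit "):
            current = {"id": int(line.split()[1])}
        elif line.startswith("set ") and current is not None:
            parts = line.split(None, 2)
            if len(parts) == 3:
                current[parts[1]] = int(parts[2]) if parts[2].isdigit() else parts[2]
        elif line == "next" and current is not None:
            helpers.append(current)
            current = None
    return helpers

def missing_sip_ports(config_text, trunk_ports, protocol=17):
    """Trunk ports with no helper named 'sip' on the given IP protocol (17 = UDP)."""
    covered = {h.get("port") for h in parse_session_helpers(config_text)
               if h.get("name") == "sip" and h.get("protocol") == protocol}
    return sorted(set(trunk_ports) - covered)

if __name__ == "__main__":
    print("before:", missing_sip_ports(SAMPLE_BEFORE, [5060, 5064]))
    print("after: ", missing_sip_ports(SAMPLE_AFTER, [5060, 5064]))
```

A port reported as missing corresponds to a trunk whose signalling reaches the firewall without a SIP helper, which matches the VoIP 2 symptom described above.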

 

For SIP ALG configuration, refer to: Technical Tip: Use multiple UDP ports at the same time for SIP inspection in FortiGate.

 

Related articles:

Technical Tip : Session helpers and expectation sessions

Technical Tip: SIP useful Commands