This is new, for like one week we have had problems with VoIP in our central FG 300D cluster. From other offices with other FGs we didn't get any reports of problems while calling.
First we tried to route the traffic with another route and internet access but we got the same problems. Capturing the connections with Wireshark we didn't see any packet loss, but our provider sent us some packet loss samples where there is like 8% packet loss.
We didn't change anything in the FG policies so we really don't know what can cause the problem. Since we only have it on our central FW, it seems that the problem is there.
You could run a packet capture on the ingress and the egress (internal and external) interfaces of your FG300D and see if you can identify any packet loss on either interface. If it's on both, then the problem is between the VoIP client and the firewall. If you are losing packets on the egress but not the ingress then you may have an issue with packets being dropped in the FortiGate.
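The comparison suggested in the reply above can be done from RTP sequence numbers rather than by eye. The following is an added example, not part of the original thread: it assumes the UDP payloads of the call have already been extracted from the ingress and egress captures, and the function names and sample packets are constructed for illustration.

```python
import struct

def rtp_fields(payload):
    """Return (ssrc, seq) if the UDP payload looks like RTP version 2, else None."""
    if len(payload) < 12 or payload[0] >> 6 != 2:
        return None
    seq, _ts, ssrc = struct.unpack("!HII", payload[2:12])
    return ssrc, seq

def loss_per_stream(payloads):
    """Map SSRC -> (expected, received, lost), unwrapping the 16-bit sequence number."""
    streams = {}  # ssrc -> (highest extended seq, set of extended seqs seen)
    for p in payloads:
        fields = rtp_fields(p)
        if fields is None:
            continue
        ssrc, seq = fields
        if ssrc not in streams:
            streams[ssrc] = (seq, {seq})
            continue
        high, seen = streams[ssrc]
        # Signed distance from the highest sequence seen, so 65535 -> 0 counts as +1.
        delta = (seq - (high & 0xFFFF) + 0x8000) % 0x10000 - 0x8000
        seen.add(high + delta)  # set membership also discards duplicates
        streams[ssrc] = (max(high, high + delta), seen)
    report = {}
    for ssrc, (high, seen) in streams.items():
        expected = high - min(seen) + 1
        report[ssrc] = (expected, len(seen), expected - len(seen))
    return report

def locate_loss(ingress, egress):
    """Compare the same stream on both interfaces, as the reply above suggests."""
    lost_in = sum(r[2] for r in loss_per_stream(ingress).values())
    lost_out = sum(r[2] for r in loss_per_stream(egress).values())
    if lost_in == 0 and lost_out == 0:
        return "no loss seen at the firewall"
    if lost_out > lost_in:
        return "dropped inside the firewall"
    return "lost before reaching the firewall"

# Constructed sample: one 20-packet stream whose sequence wraps past 65535.
def make_rtp(seq, ssrc=0x1234ABCD):
    return struct.pack("!BBHII", 0x80, 0, seq & 0xFFFF, seq * 160 & 0xFFFFFFFF, ssrc) + b"\x00" * 160

INGRESS = [make_rtp(s) for s in range(65530, 65550)]
EGRESS = [p for i, p in enumerate(INGRESS) if i not in (7, 12)]  # two packets missing on egress

if __name__ == "__main__":
    print(loss_per_stream(INGRESS), loss_per_stream(EGRESS), locate_loss(INGRESS, EGRESS))
```

Packets lost before the first or after the last one captured cannot be counted this way, so both captures should cover the same time window of the same call.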
VoIP issues are a nightmare. I do the packet captures in the web GUI and it only lets me do 10.000 packets and we get them in like 1 min, so I really can't say.
The VoIP provider sent us a graph for the last 3 hours and from our WAN IP to them we have like 8% packet loss. Also users are telling us that sometimes in the calls, they don't hear the other site for like 2-3 seconds.
FG Support suggested deactivating SIP ALG but I don't know if this brings us forward... also we would have the problem to restart the FW cluster in short time because of the sessions and we just have remote access.
So basically I just see one thing we can do and that is SIP ALG deactivation... or?
A) branches with FG firewall where the VoIP traffic is routed directly to the VoIP provider >>> NO PROBLEMS
B) smaller branches who have an MPLS connection to the main FG firewall in our data center, incoming traffic via MPLS and then we route with 2 different Internet accesses... both of them with the same result of 2-8% packet loss. This situation is like 3-4 weeks old, before we never had any problems and also we didn't change anything on routing, updates, policies, etc.
> we left tickets for the MPLS provider to check the MPLS connection and also the 2 WAN interfaces on the FG cluster from the data center. We asked them also to deep check connections, traceroutes, etc.
> we have confirmation from almost all small offices that these problems occur between the same hours each day, always from 11 AM to 1 PM.
> we are still waiting to see if it makes sense to disable SIP ALG on the FG.
Any other ideas? You think we should give it a try with the SIP ALG?