Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
RolandBaumgaertner72
New Contributor II

VoiP Packet Loss

Hello,

 

this is new, like for one week we have problems with voip in our central FG 300D cluster. From other offices with other FGs we didnt get any reports of problems while calling.

 

First we tried to route the traffic with another route and internet access but we got the same problems. Capturing with Wireshark the connections we didnt see any package loss but our provider sent us some package loss samples where there are like 8% package loss.

 

We didnt change anything in the FG policies so we really dont know what can cause the problem. Since we only have it on our central FW, it seems that the problem is there.

 

Any suggestions?

 

Thanks!

 

20 REPLIES 20
gfleming

Again I really don't think this is SIP ALG issue. SIP ALG is responsible for allowing traffic and blocking malicious stuff. But intermittent packet loss at a certain time of day does not sound like a symptom of SIP ALG issues.

 

Do you have phones at the main data center by any chance? Do these phones experience any issues with quality? If there are no VOIP issues at main site, then it may be your MPLS provider that is connecting your branches to the main data center.

 

The fact this happens at midday leads me to belive it's a traffic spike. Can you please show 24 hr interface graphs for your two main ISP feeds at the main site? As well as interface graphs for MPLS link at main site and at one of the problematic sites?

 

 

Cheers,
Graham
RolandBaumgaertner72

Hi Graham,

 

the provider is also checking MPLS (port6) and Internet Access (Port1/7):

RolandBaumgaertner72_0-1668671116150.png

We dont really see any peaks from traffic.

 

Thanks!

 

 

RolandBaumgaertner72
New Contributor II

Hi,

 

checking in Fortiview in this policy we see these failed connections:

RolandBaumgaertner72_0-1668691964621.png

 

Session ID 231092761
Virtual Domain root

Source
IP 128.1.38.161
Source Port 11793
Source Interface port6

Destination
IP 185.130.155.165
Host Name sipcc5.meetip.net
Port 17989
Destination Interface port7

Application
Application Name UDP/17989
Category unscanned
Protocol udp
Service udp/17989

Action
Action ip-conn
Threat 262144
Policy 112
Policy UUID 910398d0-4378-51ea-3d36-4785cd1d9e9b
Policy Type policy

Security
Level
Threat Level low
Threat Score 5
Threat Type Failed Connection

Other
Source Interface Role undefined
Destination Interface Role wan
Protocol Number 17
roll 48663
Log event original timestamp 1668691794
Threat Level Low
Event failed-connection
Log ID 11
Sub Type forward
Security Events []

 

gfleming

That looks like UDP RTP/RTPC traffic from your internal hosts to your VOIP provider. Why its being blocked we don't know. It could be stale connections. It could be something else. The fact that VOIP calls do work most of the time leads me to believe you don't have an overall problem with SIP/RTP traffic getting past the FGT. Your issue is that calls work but sometimes during the call the audio drops out, correct?

 

Do you have NAT enabled on your internet-facing (or MPLS-facing) traffic policies? Is the VOIP traffic being NATted at all?

 

What version of FortiOS are you running?

Cheers,
Graham
RolandBaumgaertner72
New Contributor II

Hi,

 

FG300 cluster with 6.0.5 (I know it is a bit old but we hace to update this cluster soon beeing there in the data center).

 

Yes we have NAT in the policy to the Voip provider, without NAT it would not work (we tried).

 

Thanks

gfleming

Can you confirm you exact issue? My understanding is that calls connect and work for the most part but during the call sometimes users lose audio. Can you clarify if that's not correct?

Cheers,
Graham
RolandBaumgaertner72

Hi,

 

yes, most of the time we get problems communicated from the offices around 11-13PM. They get calls and than for like 3-6 seconds they dont hear the other person. After that it works fine.

 

We dont see any high peaks in either line (MPLS and both Internet Access). The provider is checking the lines but sofar he didnt find anything. The Voip provider just sent us again his statistics where he can confirm like 3% lost in RTP Streams (the same result we got from our capturing on the FG - but again like doing 9 of 10 captures are 100% fine).

 

Right now we are waiting for the answers from the provider about the lines.

 

Thanks!

 

 

gfleming

So the phone rings, they pick up and there is no audio for 3-6 seconds and then after that they hear audio and have zero issues from there on out? Is that an appropriate summation of the problem?

 

Are there ever any audio issues later on in the phone calls? Or just at pick up time?

 

Does it happen for inbound calls only or do outbound calls have issues too?

Cheers,
Graham
RolandBaumgaertner72
New Contributor II

Hi,

 

we have like 90-95% inbound (some call centers) and again, it happens usually in the morning (there should not be more traffic). Also it can happen in one office, that it affects like 1 user and other 4 users dont have a problem during the day. I really dont know if it happens at the beginning or in the middle of the call.

 

Any idea what we can do/try from the Fortigate side? 

 

Thanks!

 

gfleming

Can you find out those details from the users? Understanding the exact symptoms of the problem is key to troubleshooting.

Cheers,
Graham
Labels
Top Kudoed Authors