Hello,
I want to install an video conference by AVER that supports H.323.
I have made the port forwarding the user manual states (see below photo) but it does not operate ok. i.e. although I can see and hear the remote party, my camera and microphone are not being transmitted remotely.
Can someone please help me?
FortiGate is aware of SIP and other video protocols, with mechanisms that allow traffic inspection and content-alteration. Opening the ports as such (through a VIP, I expect) doesn't disable the session-helpers, which in this case may cause more problems than help the traffic. You need to do that manually (delete the H323 session helper)
Created on 04-13-2022 05:42 AM Edited on 04-13-2022 07:03 AM
Thank you for your reply!
i go to cli and put the following commands but i get command fail error
config system settings
set sip-helper enable (or disable)
my firmware version is 6.4.8
You should familiarize yourself with the available commands in a FortiGate.
If you know a part of the command, you can do "show full | grep -f helper" and that will show you where the word "helper" is available.
In your case, you need to DISABLE H323 helper, and not enable it.
To disable it, you must delete it from the session-helper context:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-disable-H323-and-RAS-session-helper...
Thank you very much for your help! :)
I have done what the link suggests, so i deleted 2 and 3 from the session helper but the problem persists:
The H.323 call is connected successfully BUT i can only see and listen the remote caller, i cannot transmit audio or video.
any other ideas?!
Well, you should have checked what was in the session-helper config with "show" before changing anything. Looks like "edit 2" didn't exist because it was "added" when you entered into the config mode. Get in the session-helper config mode again and make sure no edit 2 there.
Also based on the protocol list, it also use SIP. So you should delete SIP session-helper (edit 13) as well. Just make sure with "show" the 13 is actually SIP helper.
Then, although this is not in the KB, I think you have to reboot the box unless you want to clear all existing sessions.
Toshi
Created on 04-13-2022 09:19 AM Edited on 04-13-2022 09:19 AM
I actually did checked with the show command and saw that 2 and 3 were deleted, I must have done it earlier in the morning while trying to find out how to make the system operate.
The 13 (sip) was still enabled but even after deleting this and rebooting the fortigate, the same problem exists.
Do you have any other ideas?
thank you very much for your help so far!!
In addition to disabling the session-helper, I would disable SIP ALG at the system settings. You can find how on the internet but like below:
config sys settings
set sip-expectation dis
set sip-nat-trace dis
set default-voip-alg-mode kernel-hlper-based (which is the session-helper you removed)
end
This shouldn't require a reboot.
If this still doesn't help, either you need to debug the protocol deeper by sniffing your outgoing video and audio packets before and after NAT to see if the FGT is changing TCP/UDP ports, or open a ticket at TAC to let them look into what's going on.
Toshi
Thank you very much for your help but it still does not operate. I have already opened a ticket at TAC.
Thanks again!
To disable SIP-ALG, these commands are NOT required (these commands only affect sip-helper):
set sip-expectation dis
set sip-nat-trace dis
VOIP cases in general need packet captures to see what protocol fails and what is negotiated. So in this case, opening a case where you can attach the packet capture is better. You may also reference this discussion in the case, so the engineer knows what has been done so far.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.