Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
vazexa
New Contributor

Created on ‎04-13-2022 02:43 AM

AVER video conference H323 no outbound audio and video

Hello,

 

I want to install an video conference by AVER that supports H.323.

I have made the port forwarding the user manual states (see below photo) but it does not operate ok. i.e. although I can see and hear the remote party, my camera and microphone are not being transmitted remotely. 

 

Can someone please help me?

 

2022-04-12 (2).png

Labels:
1978
0 Kudos
9 REPLIES 9
AlexC-FTNT
Staff
Staff

Created on ‎04-13-2022 05:06 AM

FortiGate is aware of SIP and other video protocols, with mechanisms that allow traffic inspection and content-alteration. Opening the ports as such (through a VIP, I expect) doesn't disable the session-helpers, which in this case may cause more problems than help the traffic. You need to do that manually (delete the H323 session helper)


- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
1910
0 Kudos
vazexa
New Contributor
In response to AlexC-FTNT

Created on ‎04-13-2022 05:42 AM Edited on ‎04-13-2022 07:03 AM

Thank you for your reply!

 

i go to cli and put the following commands but i get command fail error

config system settings

set sip-helper enable (or disable)

 

my firmware version is 6.4.8

Screenshot 2022-04-13 at 3.29.41 PM (2).png

1906
0 Kudos
AlexC-FTNT
Staff
Staff
In response to vazexa

Created on ‎04-13-2022 07:41 AM

You should familiarize yourself with the available commands in a FortiGate.
If you know a part of the command, you can do "show full | grep -f helper" and that will show you where the word "helper" is available.

In your case, you need to DISABLE H323 helper, and not enable it.
To disable it, you must delete it from the session-helper context:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-disable-H323-and-RAS-session-helper...


- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
1900
0 Kudos
vazexa
New Contributor
In response to AlexC-FTNT

Created on ‎04-13-2022 08:25 AM

Thank you very much for your help! :)

 

I have done what the link suggests, so i deleted 2 and 3 from the session helper but the problem persists: 

The H.323 call is connected successfully BUT i can only see and listen the remote caller, i cannot transmit audio or video.

 

any other ideas?! 

 

Screenshot 2022-04-13 at 6.21.19 PM (2).png

1895
0 Kudos
Toshi_Esumi
Esteemed Contributor III

Created on ‎04-13-2022 08:53 AM

Well, you should have checked what was in the session-helper config with "show" before changing anything. Looks like "edit 2" didn't exist because it was "added" when you entered into the config mode. Get in the session-helper config mode again and make sure no edit 2 there.

Also based on the protocol list, it also use SIP. So you should delete SIP session-helper (edit 13) as well. Just make sure with "show" the 13 is actually SIP helper.

 

Then, although this is not in the KB, I think you have to reboot the box unless you want to clear all existing sessions.

 

Toshi

1890
0 Kudos
vazexa
New Contributor
In response to Toshi_Esumi

Created on ‎04-13-2022 09:19 AM Edited on ‎04-13-2022 09:19 AM

I actually did checked with the show command and saw that 2 and 3 were deleted, I must have done it earlier in the morning while trying to find out how to make the system operate.

 

The 13 (sip) was still enabled but even after deleting this and rebooting the fortigate, the same problem exists.

 

Do you have any other ideas?

 

thank you very much for your help so far!!

1886
0 Kudos
Toshi_Esumi
Esteemed Contributor III

Created on ‎04-13-2022 09:38 AM

In addition to disabling the session-helper, I would disable SIP ALG at the system settings. You can find how on the internet but like below:

 

config sys settings

  set sip-expectation dis

  set sip-nat-trace dis

  set default-voip-alg-mode kernel-hlper-based  (which is the session-helper you removed)

end

 

This shouldn't require a reboot.

If this still doesn't help, either you need to debug the protocol deeper by sniffing your outgoing video and audio packets before and after NAT to see if the FGT is changing TCP/UDP ports, or open a ticket at TAC to let them look into what's going on.

 

Toshi

1882
vazexa
New Contributor
In response to Toshi_Esumi

Created on ‎04-13-2022 12:58 PM

Thank you very much for your help but it still does not operate. I have already opened a ticket at TAC. 

 

Thanks again!

1871
0 Kudos
AlexC-FTNT
Staff
Staff
In response to Toshi_Esumi

Created on ‎04-20-2022 12:29 AM

To disable SIP-ALG, these commands are NOT required (these commands only affect sip-helper):

set sip-expectation dis

set sip-nat-trace dis

VOIP cases in general need packet captures to see what protocol fails and what is negotiated. So in this case, opening a case where you can attach the packet capture is better. You may also reference this discussion in the case, so the engineer knows what has been done so far.


- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
1811
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.