Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Barno99
New Contributor

Cisco Expressway Port Forwarding with Fortinet 300D.

Hello,

 

I am working with a tech on a new Call Manager rollout and he has implemented Cisco Expressway and asked me to open ports (5060, 5061, 5222 and 8443) from the external Public IP to the Expressway in my DMZ. I have followed the guide and setup VIP's for these Ports. I have also setup the policies. As soon as I setup the config he is able to telnet to the Server in the DMZ on ports 5060 and 5061 from outside. However after an hour or so these ports close and unless I make a change they stay closed. If I edit the VIP they open up again for another hour. The ports 5222 and 8443 never open up but if I run a diag sniffer I can see the packets acks and syn's between the outside and the DMZ server and then the server sends a RST.

 

My tech tells me the server isn't shutting the connection as its just a dumb server with all ports open.

 

I am running 5.6.3 and have a support ticket open but so far we can't resolve this. I did find an article to put SIP-ALG into kernel based mode and this then put all my phones in remote sites down.

 

Has anyone implemented Cisco Expressway with a Fortinet? 

 

Thanks,

1 REPLY 1
alexromaya
New Contributor

I will be doing the same soon, which Fortinet guide did you use to set up expressway ?  did you get the issue resolved ?

Labels
Top Kudoed Authors