Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
tomecheq
New Contributor

FG310B HA - VIP access problem.

Hello to all. I have cluster of two FG310B with 4MR2 patch12. I have also 2 WAN links setup as ECMP " load balancing" (weight metod). In internal i have videoconferencing device - polycom(H.323) which is set to WAN by VIP (1 to 1 SNAT). I have also addedd policy route to force traffic to go out by WAN1, VIP is set also on WAN1. I can ping from WAN this internal device but i cannot connect from WAN using client program (PVX) to internal device. Traffic is allowed on all ports both sides. I have trying to disable h.323 session helper but no luck. It looks that there is problem to finish negotiating the connection from PVX client. Maybe someone have some ideas to solve this problem. Thanks in advance for all propositions.
1 REPLY 1
g3rman
New Contributor

Ah yes, good old PVX :) You mention you had already played with the session helpers, but here is a handy link for reference on that subject. http://firewallguru.blogspot.com/2008/03/sip-and-h323.html I know that internally Polycom does not pass video traffic through the firewalls because NAT inherently breaks most H.323 and SIP traffic. They use their VBP (Video Border Proxy) which is essentially a H.323/SIP proxy that knows how to manipulate this type of traffic properly even when NAT is involved. Trust me when I say it will likely be much easier to get some type of H.323 Proxy than to get this working via the firewall. After all, I used to run the firewalls and VBPs for Polycom ;)
A Real World Fortinet Guide Configuration Examples & Frequently Asked Questions http://firewallguru.blogspot.com
A Real World Fortinet Guide Configuration Examples & Frequently Asked Questions http://firewallguru.blogspot.com
Labels
Top Kudoed Authors