Hi
I have a requirement to connect a =yealink DECT ip =phone in a remote office.
i have managed to create an ipsec vpn tunnel from the fortigate to the remote draytek.
I have managed to connect and comission the OPEN SIP YEALINk and register it ok.
When routing a DDI external SIP number via the pbx @ the Fortigate site calls route fine with audio working fine.
The issue i have is when dialing the users internal number from another local ip phone i get one way audio.
The open sip yealink uses port 5059 FYI
i have subsequently tested draytek to draytek and it works fine therefore it must be the fortigate setting.
Any help would be appreciated.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi TP999,
He have many articles showing how to troubleshoot voip issues on Fortigate. If you do a quick search using 'sip traffic' on our community search, you will get the following links as eg.
Try to use the troubleshooting commands on articles above to understand what is causing the issue.
Hi TP999,
It could impact internal communication if SIP ALG translate IP addresses that it shouldn't. You can disable it with a voip profile with config sip > status disable
You will need to clear the SIP sessions or reboot the FortiGate to apply the changes.
For your troubleshooting I'd recommend to take a packet capture on the incoming and outgoing interface of the firewall during a call. With Wireshark you'll be able to see what happens to RTP packets.
Hi @TP999,
Can you try to disable sip alg https://community.fortinet.com/t5/FortiGate/Technical-Tip-Disabling-VoIP-Inspection/ta-p/194131
Regards,
Minh
I confirm ALG is turned off.
I tried it on but again no audio from LAN to remote user.
The traces below show RTP traffic when calling from FORTIGATE/PBX side to DRAYTEK user, it works fine if a SIP external call is routed to the remote device. Top trace is FG to DRAYTEK
The TRACE below is DRAYTEK TO DRAYTEK VPN showing RTP traffic fine.
Am I missing something in my policies.
Hi @TP999,
The top trace shows 401 unauthorized 192.168.70.246. Can you run packet sniffer in FortiGate CLI and provide the output:
di sniffer packet any 'host 192.168.70.246 and host 192.168.75.10' 4 0 l
I want to make sure that source ports are not being modified by FortiGate.
Regards,
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1634 | |
1063 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.