Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
TP999
New Contributor

Created on ‎01-09-2024 02:24 PM

FORTIGATE 60D draytek vpn one way audio

Hi 

I have a requirement to connect a =yealink DECT ip =phone in a remote office.

 

i have managed to create an ipsec vpn tunnel from the fortigate to the remote draytek.

 

I have managed to connect and comission the OPEN SIP YEALINk and register it ok.

 

When routing a DDI external SIP  number via the pbx @ the Fortigate site calls route fine with audio working fine.

 

The issue i have is when dialing the users internal number from another local ip phone i get one way audio.

 

The open sip yealink uses port 5059 FYI

 

i have subsequently tested draytek to draytek and it works fine therefore it must be the fortigate setting.

 

Any help would be appreciated.

Labels:
468
0 Kudos
6 REPLIES 6
DPadula
Staff
Staff

Created on ‎01-09-2024 04:06 PM

Hi TP999,

He have many articles showing how to troubleshoot voip issues on Fortigate. If you do a quick search using 'sip traffic' on our community search, you will get the following links as eg. 

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-One-Way-Audio-after-upgrading-to-FortiOS-7...

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-One-way-Audio-issue-in-VOIP-with-SIP...

 

Try to use the troubleshooting commands on articles above to understand what is causing the issue. 

 

451
0 Kudos
TP999
New Contributor

Created on ‎01-12-2024 01:18 AM

im back at work and will try your advice.

 

One point will SIP ALG effect 'internal' pbx calls as external calls are working fine ?

 

405
0 Kudos
nweckel
Staff
Staff
In response to TP999

Created on ‎01-12-2024 07:08 AM

Hi TP999,

It could impact internal communication if SIP ALG translate IP addresses that it shouldn't. You can disable it with a voip profile with config sip > status disable

You will need to clear the SIP sessions or reboot the FortiGate to apply the changes.

For your troubleshooting I'd recommend to take a packet capture on the incoming and outgoing interface of the firewall during a call. With Wireshark you'll be able to see what happens to RTP packets.

397
0 Kudos
mle2802
Staff
Staff

Created on ‎01-12-2024 01:43 PM

Hi @TP999,

Can you try to disable sip alg https://community.fortinet.com/t5/FortiGate/Technical-Tip-Disabling-VoIP-Inspection/ta-p/194131

Regards,
Minh

386
0 Kudos
TP999
New Contributor

Created on ‎01-16-2024 07:56 AM Edited on ‎01-16-2024 07:57 AM

 

I confirm ALG is turned off.

 

I tried it on but again no audio from LAN to remote user.

 

The traces below show RTP traffic when calling from FORTIGATE/PBX side to DRAYTEK user, it works fine if a SIP external call is routed to the remote device.  Top trace is FG to DRAYTEK

 

The TRACE below is DRAYTEK TO DRAYTEK VPN showing RTP traffic fine.

 

Am I missing something in my policies.fortigate internal issues.png

 

 

 

343
0 Kudos
hbac
Staff
Staff
In response to TP999

Created on ‎01-17-2024 07:34 AM

Hi @TP999,

 

The top trace shows 401 unauthorized 192.168.70.246. Can you run packet sniffer in FortiGate CLI and provide the output:

di sniffer packet any 'host 192.168.70.246 and host 192.168.75.10' 4 0 l 

 

I want to make sure that source ports are not being modified by FortiGate.

 

Regards, 

327
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.