Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

FORTIGATE 60D draytek vpn one way audio


I have a requirement to connect a =yealink DECT ip =phone in a remote office.


i have managed to create an ipsec vpn tunnel from the fortigate to the remote draytek.


I have managed to connect and comission the OPEN SIP YEALINk and register it ok.


When routing a DDI external SIP  number via the pbx @ the Fortigate site calls route fine with audio working fine.


The issue i have is when dialing the users internal number from another local ip phone i get one way audio.


The open sip yealink uses port 5059 FYI


i have subsequently tested draytek to draytek and it works fine therefore it must be the fortigate setting.


Any help would be appreciated.


Hi TP999,

He have many articles showing how to troubleshoot voip issues on Fortigate. If you do a quick search using 'sip traffic' on our community search, you will get the following links as eg.


Try to use the troubleshooting commands on articles above to understand what is causing the issue. 


New Contributor

im back at work and will try your advice.


One point will SIP ALG effect 'internal' pbx calls as external calls are working fine ?



Hi TP999,

It could impact internal communication if SIP ALG translate IP addresses that it shouldn't. You can disable it with a voip profile with config sip > status disable

You will need to clear the SIP sessions or reboot the FortiGate to apply the changes.

For your troubleshooting I'd recommend to take a packet capture on the incoming and outgoing interface of the firewall during a call. With Wireshark you'll be able to see what happens to RTP packets.

New Contributor


I confirm ALG is turned off.


I tried it on but again no audio from LAN to remote user.


The traces below show RTP traffic when calling from FORTIGATE/PBX side to DRAYTEK user, it works fine if a SIP external call is routed to the remote device.  Top trace is FG to DRAYTEK


The TRACE below is DRAYTEK TO DRAYTEK VPN showing RTP traffic fine.


Am I missing something in my policies.fortigate internal issues.png





Hi @TP999,


The top trace shows 401 unauthorized Can you run packet sniffer in FortiGate CLI and provide the output:

di sniffer packet any 'host and host' 4 0 l 


I want to make sure that source ports are not being modified by FortiGate.



Top Kudoed Authors