We have a Fortigate 81F, with FortiOS 6.4.8, newly installed; currently the configuration is fairly loose, for troubleshooting issues.
We have Yealink T4x phones, connecting to SkySwitch, our cloud provider. For reference, here is there requirements.
https://docs.skyswitch.com/en/articles/37-ip-addresses-ports
We are having sporadic, highly random processes where individual phones will fail to register. I have created a policy allowing traffic on these ports (all services for now) out of our internal LAN (currently, the phones are on the primary LAN with no VLANs). I have also made the following changes:
This has lessened the issue, but has not resolved the issue. Oddly enough, resetting one of the Yealink phones to factory will fix its registration issues for a time, but they can come back. I contacted Fortinet support, and they demonstrated the traffic appears to get through, but I have not had this issue until we switched from an Untangle U150 firewal to the Fortigate, and I don't know where else to point.
I have several packet captures of phones booting up that I could supply on request. If anyone could provide suggestions or assist, I'd greatly appreciate it.
The usual suspect for this kind of symptom is SIP session helper or ALG. But you already disabled both. Then I would try capturing packets at the outbound interface when a phone goes off-line. The phones and the server must be exchanging packets periodically to confirm they're still there, or changed IP or moved the location. Something must go wrong when they get unregistered.
I think that's the start to troubleshoot.
Toshi
Hello,
In case you are using PPP interface, do a packet capture and see if the TSL server hello leng is bigger than the fortigate MTU.
I had a case where the server was sending the server helo with 1506 length. and the fortigate had only 1500 MTU.
So just do :
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.