Hey everyone,
I currently have a Cloud PBX running with a public IP address, and I am trying to register a SIP client to it. I am seeing packets hitting the PBX, however all incoming packets are being denied. Please see attached for pictures.
I have also created a policy to allow all incoming traffic from 149.xxx.xxx.xxx into my local subnet. I have tried with and without NAT on both the SIP client and Fortigate.
SIP ALG helper and session helper are also disabled. We currently have a working setup with a pbx hosted behind the fortigate, however we are in the progress of migrating it to the cloud due to power issues at our office location.
Any help would be greatly appreciated!
Thanks in advance.
hm that doesn't provide much information.
I'd suggest doing some flow trace to see what really happens to your packets. This provides more info like which policy was matched or whatever happend to the packet.
diag debug ena
diag debug flow filter clear
diag debug flow filter <rule> (for some filtering like src or dest ip)(you might get lost without filters *g*)
(diag debug flow filter list shows you a list and state of filters)
diag debug flow trace start <numberofpackets>
then watch the cli and do some sip.
Maybe this gives you a clue?
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Best to follow this guide. I had all kinds of SIP issues. This solved them all, this ALG feature should be OFF by default!
https://www.vatacom.com/knowledge-base/disable-sip-alg-fortigate-firewalls/
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1736 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.