Is this still working for you? I have set it up and it works 100% of the time for outgoing. Incoming is a problem. On the twilio origination page the "Make a test call" works but calling the number from any other phone to the trunk phone number does not. I have a ticket open with support but after a few back and forths we are still working on it.
I got it to work, but went with voip.ms as they are more standard, and easier to secure.
If your firewall is locked down, it could be blocking an inbound call from an IP that is not already connected.
You can also do a PCAP at the phone system and see if the call is even making to your system.
I'm doing some testing with Fortigate ALG and Fortivoice - so far Trunks are working (sherweb and voip.ms) - but phones are not. I was thinking of testing with my Twilio account too. If I get some time, I'll put in the test tmrw.
If I use the test call button on the origination page the incoming call works 100% of the time. If I call the twilio number from a phone it fails 100% of the time. On twilio pcap the working one from clicking the test button shows the request coming in and getting a status 100 response and it keeps going. On the failed request calling the number from a phone shows the incoming request and a response of 401 unauthorized. I am seeing the same on the Fortivoice side but i am not sure what exact part of the request is causing the denial.
The only thing support has had be do so far is go to Security -> Intrusion Detection and add exempt ips for twilio ip ranges. I have the intrusion detection disabled so I don't think this is the issue.
When you say incoming is working, it is working by dialing from an outside phone? If so can you review my settings and see if any differences are noticed?
I had the exact same behaviour as you and I'm pleased to report that I found a way to fix this. Twilio only uses authentication when terminating calls and you have to treat origination and termination as two separate entities when working with Twilio. Furthermore, the presence of a 401 Unauthorised message basically alerts Twilio to give up. So the FortiVoice needs to be configured to blindly accept any incoming calls from Twilio's SIP signalling IP ranges.
In order to do this you need to setup 4 or more "Office Peers" on FortiVoice for the region you call from based on the relevant Twilio Signalling IPs. Simply create a new custom office peer, set auth to disabled and ensure that the IP is one from the signalling IP range in Twilio. Unfortunately on FortiVoice you can't enter CIDR ranges so you have to go through all IPs sequentially (which means up to 32 peers if you want to receive calls from all Twilio regions).
Once this is done, set your inbound call routing rule to use all of the Office Peers you setup. Once this is done, inbound calls should work :)
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.