Hello, I am the networks administrator in a medium-sized company in Chile. We have a core of Cisco switches, a wired network and a wireless network, in addition to two Fortinet FortiGate 100E firewalls (FortiOS version v6.0.5 build0268 (GA)) and two dedicated Internet links. We have an Alcatel-Lucent OmniPCX PBX, with software version 3EH30556DFAA ONECL030/058.001 Until a few months ago we had four Call Center operators working within the LAN, using the IPSoftPhone v18.104.22.168 software configured in HTTPS+TFTP mode for connection to the PBX. Now, the company has decided that those four Call Center operators work remotely from their homes. For that, connectivity via VPN was defined in an IPSec tunnel through the FortiGate firewalls. With this, the remote users can connect to the LAN via VPN, but the IPSoftPhone is not able to complete the registration in the PBX. When running the application, it tries several times to register but finally aborts due to timeout. I made a capture of the traffic with Wireshark and verified that there are repeated attempts by the PBX to send three files via TFTP, but they fail to reach their destination.
We have two policies defined, one for ingress and one for egress traffic and have tried with NAT enabled and with NAT disabled. No success. Any help or advice you can give me to get to the solution of this problem will be welcome.
If you don't notice any obvious traffic issues, and testing various configuration with the SIP ALG/Session helper does not resolve your issue, I would suggest opening a ticket with Fortinet Technical Support for some more in-depth troubleshooting, in particular to verify if the issue is caused by FortiGate/IPSec tunnel or if something else is going on.
+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
Have you checked if the necessary ports for TFTP are allowed through the IPSec tunnel and firewalls? It's worth verifying the firewall rules and ensuring that TFTP traffic is permitted between the remote users and the PBX. Also, double-check the PBX's TFTP server settings and ensure they align with the remote users' configuration. If the issue persists, contacting Alcatel-Lucent support or consulting with a network specialist might provide further insights. Or you should try using a white label softphone and see how it works. Best of luck in resolving the problem!
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.