
Interpreting output of 'diagnose sniffer packet'

Hi, I'm trying to diagnose a VOIP / SIP / Asterisk issue, where inbound calls to my site's Asterisk box are dropped after 20 seconds. This is because the inbound connection is not being acknowledged when it should be - and the system requires acknowledgement within 20 seconds.

The relevant line in the output of the 'diagnose sniffer packet' line is this:

    2.766927 172.16.171.20 -> 210.8.185.158: icmp: 210.8.185.158 udp port 19700 unreachable

Note that I have replaced my ITSP's SIP server address with one of www.google.com's IP addresses.

I have a firewall rule (second in the order list only to another rule that does not match):

    edit 18
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "VOIPbox"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "VOIP"
    next

where VOIP is:

    TCP/5060-5070:5060-5070
    UDP/5060-5070:5060-5070,10000-20000:10000-20000

and VOIPbox is:

    172.16.171.20/255.255.255.255

So how do I interpret the output of 'diagnose sniffer packet'? I understand that ICMP is being used to tell me that the UDP traffic was not accepted, but that does not make sense to me. Can someone point me in the direction of a reference to understanding exactly what the output means? There is a description in the Fortinet documentation of the required input, but I have not yet found a good description of what the output means.

Thanks
2 REPLIES
emnoc
Esteemed Contributor III

Seems like the port being used is closed (filter). That's why the port unreachable ICMP code 3 is being seen.

PCNSE NSE StrongSwan
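
As an added example (not part of the original thread and not a Fortinet tool), the Python below parses the ICMP port-unreachable line quoted in the question and checks the reported UDP port against the port ranges of the poster's VOIP service. The function names, the tcpdump-style reading of the line (the address after `icmp:` is the one quoted from the rejected datagram) and the treatment of the service ranges as destination ports are assumptions.

```python
import re

# Constructed from the thread: the sniffer line quoted in the question and the
# UDP ranges of the poster's "VOIP" service (assumed to be destination ports).
SAMPLE = ("2.766927 172.16.171.20 -> 210.8.185.158: icmp: "
          "210.8.185.158 udp port 19700 unreachable")
VOIP_UDP_RANGES = [(5060, 5070), (10000, 20000)]

LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<src>\S+)\s+->\s+(?P<dst>[^\s:]+):\s+icmp:\s+"
    r"(?P<host>\S+)\s+(?P<proto>udp|tcp)\s+port\s+(?P<port>\d+)\s+unreachable\s*$"
)

def parse_port_unreachable(line):
    """Return the fields of an ICMP port-unreachable sniffer line, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "time": float(m["ts"]),       # seconds since the capture started
        "icmp_sender": m["src"],      # host that generated the ICMP error
        "icmp_receiver": m["dst"],    # host being told the port is unreachable
        "quoted_host": m["host"],     # address quoted from the rejected datagram
        "proto": m["proto"],
        "port": int(m["port"]),
    }

def matching_range(port, ranges):
    """Return the (low, high) range that contains port, or None."""
    for low, high in ranges:
        if low <= port <= high:
            return (low, high)
    return None

def explain(line, ranges=VOIP_UDP_RANGES):
    """One-line, human-readable reading of a port-unreachable line."""
    f = parse_port_unreachable(line)
    if f is None:
        return "not an ICMP port-unreachable line"
    rng = matching_range(f["port"], ranges)
    where = f"inside service range {rng[0]}-{rng[1]}" if rng else "outside the service ranges"
    return (f"{f['icmp_sender']} told {f['icmp_receiver']} that {f['proto'].upper()} "
            f"port {f['port']} (quoted host {f['quoted_host']}) is unreachable; port is {where}")

if __name__ == "__main__":
    print(explain(SAMPLE))
```

For the quoted line, the ICMP error is sent by 172.16.171.20 (the VOIPbox address), and port 19700 falls in the 10000-20000 range of the VOIP service rather than 5060-5070.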
ede_pfau
SuperUser

Could you please post the policy which allows reaching the VoIPbox from outside?

Ede


"Kernel panic: Aiee, killing interrupt handler!"