OK, what' s the secret to make IP phones work?

rwpatterson · ‎01-04-2012

I have a vendor trying to make his equipment work through the FGT, and he' s having issues. I' ve only dealt with these things once before, and they SUCK. Personally, they should just go Vonage and be done with it, but that' s not up to me. Using v4.1.10, they have 4 phones coming off a concentrator. 2 dial out, but cannot get to 800 numbers, and 2 cannot dial at all. I deleted the SIP helper. That enabled the dead phones to dial, but then the parties could no longer hear each other. Please, someone enlighten me if I' m even close on IP phone configuration, where I should be looking, etc. Thanks in advance.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

ddskier · ‎01-04-2012

I ran into the same issues using Cisco IP Phone and the Cisco Call Manager servers. The Fortinet SIP-Helper stuff is supposed to work, but it doesn' t. I ran into issues that some versions of the firewall firmware would work as expected and some would break it, or if it did work the SIP helper would intermittently only give one way audio. Truly, a big pain in the butt. I just ended up placing our Cisco VOIP Router outside of the firewall and had all of the external SIP traffic route through it. This removed the need for NATâ€™ing by the Fortinet firewall and it has been running perfect since then. In my opinion, the fortinet canâ€™t reliably NAT SIP traffic. Either have a VOIP Router do it, or maybe move to IPv6 which removes the need for NAT.

-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D

pcraponi · ‎01-04-2012

You have deleted the sip helper, but are you disabled then rebooted Fortigate? config system settings set sip-helper disable end exec reboot I ALWAYS use a NAT Full (1:1) for SIP servers regards, Paulo Raponi

Regards, Paulo Raponi

emnoc · ‎01-04-2012

Are these phone really SIP , cause by default they are SCCP ( aka skinny )? has the VoIP conducted any diagnostic to see where/what is failing? and at minimum execute and phone traces? What I' ve done and seen more and more of, are SIP-proxies and or a isolate Voip-gateway. These designs make it easier for VoIP operations.

PCNSE

NSE

StrongSwan

laf · ‎01-04-2012

I had the same issues with IP phones. After I delete SIP helper worked ok. Still try all the solutions posted here.

The most expensive and scarce resource for man is time, paradoxically, it' s infinite.

rwpatterson · ‎02-06-2012

The vendor is using 4 phones for a site that we are soon to be splitting off our network. I simply told him that we couldn' t support his phone with our existing infrastructure, and he needed to get his own Internet service for that. He didn' t like my answer, but in less than 2 months, it is going to be happening nonetheless. I can' t see losing sleep over something that' s going away soon....

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

beaven67 · ‎02-16-2012

I have several sites using hosted IP phones and the only problems Ive ever had are with the sip helper. I always disable and remove it. If you can ping the ip address of the sip server (pbx) and have fairly low jitter then they should be working. There are some cases where you have to tell the phones that they are going through a natted device but usually this is automatically done on most new phones.

rwpatterson · ‎02-16-2012

The gentleman I was working with was more like a salesman than a technician. He really had no idea how to configure the gear. He wanted me to look up the model concentrator on the Internet and tell him what to do. I already have too many jobs... Like I said, that place more than likely will be going away in the next few months. We will see...

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

laf · ‎05-22-2012

I have 60C running MR 3 patch 5 and two ISP (2nd is for backup). Every time it switches from ISP 1 to ISP 2, IP Phones will not register any more although SIP Server shows all extension as registered. The solution I got is to change the local IP of the phones. But this is crazy as I have more than 50 IP Phones. (SIP Server is outside LAN).

The most expensive and scarce resource for man is time, paradoxically, it' s infinite.

Derek_ · ‎05-23-2012

I too have more than 50 phones on a hosted service, over SIP. Fortunately I haven' t had too many issues yet. Your mileage may vary, but my phone vendor provided me a list of things that they prefered I do: Here are some general settings that should be configured on the router located in your office: SPI - disabled (Yah sure) IP Sec - disabled (Not gonna happen) SIP ALG - disabled (Interesting) Firewall - disabled (When hell freezes over) QOS info: (ports that needs to be prioritized): (Here we go) UDP 5060 UDP 5199 UDP 3478 - 3480 UDP 15044 UDP 16384 - 16404 UDP 2222 - 2269 TCP 16000 TCP 80 TCP 443 So far, so good.