Hi All,
Cannot figure this one out.. neither can the Fortigate TAC it seems.
FG 500E in HA running 6.0.9
users on LAN doing MS teams and/or skype video calls complaining about bad quality from the remote party inbound. however remote party can see LAN users fine and quality is good. so it appears only inbound video quality affected from outside of the company network.
we have done and tried the following to date
> We checked the external and internal interface but no errors or drops observed > We created a traffic shaper but no improvement > We disabled any security profiles in the policy but no improvement > We created a DoS policy for outgoing traffic for the internal interface and there was a slight improvement but not much.
> we put a laptop in ISP router it works 100%.
> we put this same laptop on a dedicated port on FW problem appears.
> deleted and disabled SIP (made some difference but not enough)
However Zoom works 100% (not allowed anymore due to security risks)
Internet pipe is 1GB both ways.. and less than 100users onsite due to covid-19 atm. So def not bandwidth issue.
FW util is very low.. memory usage etc same.
any ideas?
thanks in advance
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
bypassing DoS for Microsoft Teams´s traffic solved my problems!! Tks!
Bypass the dos policy fixed also our problem with MS Teams!
We use Firewall 60E HA cluster with Fortios 6.2.4
Hi
Just wondering if you ever resolved this? It sounds really similar to the problem I'm having, although the teams call quality monitor indicate its outbound that has the issue.
Running a 100D firewall as soon as you get 5 or 6 people on a Teams call the quality is awful. If you bypass the firewall through the same link the quality is fine.
I've done exactly the same steps, to try and resolve it, as you have
Just posting a "me too" I work for a Fortinet VAR and have not had luck with Fortinet help. My issue does affect zoom for some customers as well, though.
What kind of switching and wireless are you guys running; my firewall/FortiExpert keeps saying there's no way it's the firewall, but I haven't seen proof. We get the complete hang up as well as some quality issues; but i have packet captures that shows that inbound/download UDP traffic will literally stop for multiple seconds for the call traffic; but TCP traffic from the same source/dest IP at the same time doesn't seem affected. Honestly I don't see how this is not a firewall issue at this point; but I'm getting push back and next to zero help from the firewall perspective so it's up to me to prove something one way or the other.
the "remote" users on the calls can see/hear the on prem user just fine during the hang; which the packet capture also represents. Is this consistent with what you notice?
I have several customers affected as well as us ourselves.
I have customers with Fortigates that are affected and some that are not; seems to creep up randomly. I have seen this on 6.0.4 (upgrading this customer this weekend to 6.0.9) I have seen it on 6.2.3 as well, and Im hesitant to put anything on 6.2.4 based on what i've heard.
I believe one very specific pattern I've seen so far (but not necessarily the case) is that this is happening in HA units.
One customer was a brand new 600E HA pair and the box itself was the problem; got the box replaced; but I am still seeing this in networks where I can flip the cluster over and still have an issue.
Did either of you get anywhere with this? I have dozens of hours into this, and I don't care if the problem is the firewall or not; I need proof of where in the network this is occurring.
We had a similar issue - TAC found a DOS policy that had been set by a coworker that was periodically causing the issue due to probes that Teams periodically sends out to test performance. The DOS policy was dropping the probes and causing all sorts of oddness with Teams, including video issues. Removing the DOS policy fixed this.
Issue ongoing or resolved?
Mike Pruett
mine appear to be resolved; but I'm being cautiously optimistic.
As several people posted on Twitter; bypassing DoS for this traffic so far has been VERY promising.
One customer repoted that their best call on Monday (before the change) was 25% packet loss, and on Tuesday (After the change) the worst call was less than 1%; so, very promising at this point.
I won't call it resolved for at least a couple days. As for my employer's network; the issue will disappear for days and I won't hear a peep; and then all of a sudden one day it's terrible.
Hi everybody!
I'm managing some Fortigate 50E and having the same problem in one of them. The unit is not in HA mode and has firmware 6.2.5. Image stops seconds after the start of a Skype videocall. It affects a lot more the video that we are receiving from the remote user.
I don't have any DoS policy (IPv4 DoS Policy section is empty).
Sorry the dumb question but how do I bypassing DoS for this traffic?
Help very much appreciated.
if there is no DoS Policy there you don't have to worry, you are not using it.
for your issue you probably better start a new question with full details, or try Fortinet support.
if it always fails after a few seconds that is easier to trouble shoot then poor quality.
bypassing DoS for Microsoft Teams´s traffic solved my problems!! Tks!
Bypass the dos policy fixed also our problem with MS Teams!
We use Firewall 60E HA cluster with Fortios 6.2.4
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1732 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.