Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jokes54321
New Contributor III

SDWan impacting RTP

We have actively been configuring SDWan on our firewalls and it works great for general web surfing. The issue we are running into is with our phones connecting to our cloud phone provider.

 

Initially, SDWan was configured for all traffic to use the link with the best quality. Overall, this worked well, but we'd frequently get tickets indicating the phones would ring, but have no audio.  I'd log in, check which interface was marked as the preferred Interface in SDWan, then check the active sessions from our voice VLAN and find the sessions established on the least preferred interface. 

 

My guess is, the control session remains connected over the least preferred interface, but new RTP sessions are egressing the preferred interface and not setting up with our provider. I added an SDWan rule specifically for voice traffic using the primary interface only, and this greatly reduced the issue.

 

Today, our primary circuit dropped at a site and a lower SDWan rule allowed the control session to be re-established over the backup circuit, but when the primary circuit came back online, the audio issue started again. 

 

Is there a way I can configure my voice SDWan rule so that once a session from a phone IP is established on a given egress interface, that all subsequent connections also use that interface?

 

Denny

4 REPLIES 4
gfleming
Staff
Staff

You probably want to set "set snat-route-change enable". This will cause sessions that are Source NATted to be cleared and re-established when a routing change occurs. In your case this means the SIP control session will get cleared when the preferred SD-WAN member becomes available and will be re-established on that link.

 

By default sessions that use SNAT will not get cleared when a routing change occurs...

 

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Routing-Changes-and-SNAT-snat-route-...

Cheers,
Graham
jokes54321
New Contributor III

Hi Graham,


Thank you for the response. Does this work with SDWan, where routing decision are based on "best quality" and not necessarily an outage?

gfleming

Yes it will. A policy route change (what SD-WAN uses) is still a routing change.

Cheers,
Graham
jokes54321
New Contributor III

 

Hi Graham,


You suggestion worked great for the voice traffic issue, but it wreaked havoc with other applications. Our locations connect to hosted RDGateway applications and each time SDWan made a routing change with this setting enabled, our users would get disconnected from the sessions. This would happen multiple times a day. 

 

What I need is for something like an RTP session helper that will keep RTP traffic on the same interface as the control channel or if snat-route-change enable could be applied to my VOICE VLAN interface instead of globally.  I would much prefer the first option so we can configure SDWan to use both circuit simultaneously, rather than primary/backup, like we're having to do now. 

 

Denny 

 

 

Labels
Top Kudoed Authors