SIP RTP Pinhole Issues No Audio - Need Help Folks!!
I am having a SIP/RTP issue. I am about to make to have the phone rings but now audio.. (RTP?)
I run the following command from the external vdom:
I get the following.. It is hitting policy 0 (cleanup policy).. It looks like fortinet is not opening PinHoles.
id=20085 trace_id=4002 func=print_pkt_detail line=5878 msg="vd-external:0 received a packet(proto=17, 216.115.22.117:28124->MYPUBLICIP(REDACTED):11816) tun_id=0.0.0.0 from internal5. "
id=20085 trace_id=4002 func=init_ip_session_common line=6050 msg="allocate a new session-028b2f32,
id=20085 trace_id=4002 func=fw_local_in_handler line=500 msg="iprope_in_check() check failed on policy 0, drop"
I have the following vdoms:
My SIP config:
EXTERNAL(EXTERNAL) # config system settings
EXTERNAL(settings) # show
config system settings
set sip-expectation enable
set h323-direct-model enable
set default-voip-alg-mode kernel-helper-based
set gui-voip-profile enable
end
EXTERNAL(EXTERNAL) # config voip profile
EXTERNAL(profile) # edit default
EXTERNAL(default) # show
config voip profile
edit "default"
set comment "Default VoIP profile."
config sip
set status disable
end
next
end
FGTAB01 (global) # config system session-helper
FGTAB01 (session-helper) # show
config system session-helper
edit 13
set name sip
set protocol 17
set port 5060
next
end
My theory is that when the phones connect using SIP to the PBX server, it does not create Pinholes for the RTP audio to come back and be allowed because I can see the RTP being dropped by policy 0 above.
PLEASE HELLLPP :)
You need to specify which interface is external and which is internal for the helper to work.
config system interface
edit "wan"
set external enable
next
edit "lan"
set internal enable
next
end
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.