Hi all,
I have disabled VoIP inspection, but the problem persist.
The pbx is within the network like all ip phones.
The STUN server on the pbx is enabled.
The calls work beyond 30 seconds only without the STUN server and with the pbx published by the VIPs.
Do you have any suggestion?
Thanks in advance
ac
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I resolved this issue. The problem was on PBX.
I disabled the STUN server on PBX and leaved only the external ip address with the public ip of FortiGate.
The call never did not stop.
I hope it will be useful
make sure sip alg is disabled, create voip services with rtp and sip ports and allow them in the policy to/from sip server , create vip with ur sip server and include it to that policy. the best practice is to run voip inside of the ipsec vpn (if between remote sites)and turn off nat and any security profiles.
I don't have security profiles applied, and I'm sure sip alg is disabled:
(settings) # show
config system settings
set sip-nat-trace disable
set default-voip-alg-mode kernel-helper-based
set gui-dns-database enable
set gui-voip-profile enable
end
(session-helper) # show
config system session-helper
edit 1
set name pptp
set protocol 6
set port 1723
next
edit 2
set name h323
set protocol 6
set port 1720
next
edit 3
set name ras
set protocol 17
set port 1719
next
edit 4
set name tns
set protocol 6
set port 1521
next
edit 5
set name tftp
set protocol 17
set port 69
next
edit 6
set name rtsp
set protocol 6
set port 554
next
edit 7
set name rtsp
set protocol 6
set port 7070
next
edit 8
set name rtsp
set protocol 6
set port 8554
next
edit 9
set name ftp
set protocol 6
set port 21
next
edit 10
set name mms
set protocol 6
set port 1863
next
edit 11
set name pmap
set protocol 6
set port 111
next
edit 12
set name pmap
set protocol 17
set port 111
next
edit 14
set name dns-udp
set protocol 17
set port 53
next
edit 15
set name rsh
set protocol 6
set port 514
next
edit 16
set name rsh
set protocol 6
set port 512
next
edit 17
set name dcerpc
set protocol 6
set port 135
next
edit 18
set name dcerpc
set protocol 17
set port 135
next
edit 19
set name mgcp
set protocol 17
set port 2427
next
edit 20
set name mgcp
set protocol 17
set port 2727
next
end
And I rebooted the FortiGate, but the problem persist.
I resolved this issue. The problem was on PBX.
I disabled the STUN server on PBX and leaved only the external ip address with the public ip of FortiGate.
The call never did not stop.
I hope it will be useful
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1709 | |
1093 | |
752 | |
446 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.