Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
truevalueit
New Contributor

Created on ‎08-07-2023 07:58 AM

Sangoma PBX: Sangoma Connect App Trying to Register

I’m having trouble with Sangoma talk app. It keeps trying to register but fails with “effective transport unspecified”. Has anyone solved this? I have a Fortinet firewall with port 5061UDP and RTP10000-20000 open, but RTP ports are closed when scanned. Any suggestions?

 

Here are the logs:

2023-07-31T20:40:08.441Z (1690836008441522)
Sip::Registration::onTransportError
Correlation Id: SiphoneUserAgent[104865000]SipUserAgent[104866200]
State: Registering
Retry: No
Error: GENERIC(3): Subcomponent Failure
In ali_net_connection2.cpp:457
ALI-SOCKET(4): Cannot Connect
In ali_net_tls_socket_impl2.cpp:802
Note: Remote Address: xxxxxxxxxxxxxx
TLS-ALERT(40): Handshake Failure (40)
In ali_protocol_tls_client.cpp:1684

2023-07-31T20:40:08.441Z (1690836008441552)
Sip::Registration::setState
Correlation Id: SiphoneUserAgent[104865000]SipUserAgent[104866200]
Current State: Registering
Next State: Error

getCurrentState: return state: Error
REGSTATECHANGED, current=Error
isCommunicationAllowed: network=Cellular
isCommunicationAllowed: effective transport Unspecified
2023-07-31T20:40:08.442Z (1690836008442703)
DialogSubscriptionAgentSeparate::resetDialogEvents_Basic
Reset Type: Soft
Active Subscription Count: 0
Pending Subscription Count: 0
Active:
Pending:

AgentWithRegistration::scheduling reconnect with timeout of 4000 ms
getCurrentRealState: return state: Error
getCurrentState: return state: Error
2023-07-31T20:40:08.442Z
onRegistrationStateChanged, accountId=0GMlnAlCFhX6jnsV
getCurrentState: return state: Error
getCurrentState: return state: Error
isCommunicationAllowed: network=Cellular
isCommunicationAllowed: effective transport Unspecified
getCurrentState: return state: Error
getCurrentState: return state: Error
isCommunicationAllowed: network=Cellular
isCommunicationAllowed: effective transport Unspecified
getCurrentState: return state: Error
getCurrentState: return state: Error
isCommunicationAllowed: network=Cellular
isCommunicationAllowed: effective transport Unspecified

 

 

 sangomaTalkIssue.gif

Labels:
1675
0 Kudos
1 Solution
pgautam
Staff
Staff

Created on ‎08-07-2023 11:23 PM

Hi @truevalueit 

 

Thank you for posting your query here.

From the attached logs we are observing error "TLS-ALERT(40): Handshake Failure (40)
In ali_protocol_tls_client.cpp:1684" followed by "effective transport Unspecified".

 

In the detail, you mentioned you are using port 5061 UDP for the call registration. However, the error is pointing toward the TCP handshake. Could you please confirm the port and protocol used for the call registration?

 Could you please try using the UDP SIP 5060 or TCP 5060 for call registration and confirm?

 

If still you face issues in call registration then please collect the below sniffer log from the FGT and share it with us:-

diag sniffer packet any 'host x.x.x.x' 6 0 l -----where x.x.x.x is the source IP of the phone you are making a call from

 

 

 

Regards
Priyanka


- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

View solution in original post

1656
0 Kudos
2 REPLIES 2
pgautam
Staff
Staff

Created on ‎08-07-2023 11:23 PM

Hi @truevalueit 

 

Thank you for posting your query here.

From the attached logs we are observing error "TLS-ALERT(40): Handshake Failure (40)
In ali_protocol_tls_client.cpp:1684" followed by "effective transport Unspecified".

 

In the detail, you mentioned you are using port 5061 UDP for the call registration. However, the error is pointing toward the TCP handshake. Could you please confirm the port and protocol used for the call registration?

 Could you please try using the UDP SIP 5060 or TCP 5060 for call registration and confirm?

 

If still you face issues in call registration then please collect the below sniffer log from the FGT and share it with us:-

diag sniffer packet any 'host x.x.x.x' 6 0 l -----where x.x.x.x is the source IP of the phone you are making a call from

 

 

 

Regards
Priyanka


- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

1657
0 Kudos
truevalueit
New Contributor
In response to pgautam

Created on ‎08-08-2023 05:59 AM

After some digging, I was able to address the issue by switching the transport from tls to udp and it now works. I applied some hardening to the policy. Thank you for your help. 

 

 

 

2023-08-08_8-57-48.png

1649
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.