Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
CA
New Contributor

Truncal sip appears unreachable behind the Fortinet 60f using Issabel Pbx

Good evening, I hope you can help me get out of this predicament, I have been trying to register my Issabel Pbx exchange to a trunk of the Dominican Claro telephone company for a few days. The Pbx is behind the Fortinet 60f.

At the moment I have a Huawei router which has the VPN configured to connect to the Sip server of Claro, on the other hand I also have Internet service from the same telephone company on the network through another Huawei router, I have two Fortinet interfaces, each one connected to the Huawei routers, I have also configured the routes to the Internet and to the trunk and their respective policies, I have also configured the VIP ports with their respective policies as well, the The issue is that I have access to the internet from the Pbx and I can also pin both the trunk gateway and the IP address of the SIP server, of course, calls between local extensions work well and also with external extensions connected via the Internet, But when the PBX tries to register, it receives the message that the trunk is unreachable, which is why it does not allow calls to be made outside the network.

Claro-SIP 172.31.21.x   Auto (No) No 5060 UNREACHABLE
Below I post the connection configuration to the trunk with the data provided by the telephone company:

type=peer
qualify=yes
insecure=invite, port
host=172.31.21.x
dtmfmode=rfc2833
disallow=all
canreinvite=no
allow=ulaw


Note before I had the same environment and it worked perfectly behind an Edgmax router, the failure was generated when changing to the Fortinet.

I thank you in advance for your collaboration.

2 REPLIES 2
Renante_Era
Staff
Staff

Review the config of your Edgmax router and see if there's a port forwarding entry to open the PBX from WAN>LAN. If that's the case, then you'll need to configure Virtual IPs on the FortiGate.

Configuring a virtual IP | FortiPortal 7.2.0 | Fortinet Document Library

BSCS, BCIS, MIT
CA
New Contributor

Thanks a lot for your for your response Renate_Era, I made the same configuration that was configured on the the Edgmax router, the following images show the port forwarding  configuration in both equipments, the IP addresses have some changes to protect the info but 10.0.0,100 and 192.168.2.100 is the simulated PBX IP address:

 

 

Capture.PNGFortinet ports.PNGCapture1.PNG

 

 For the Fortinet, I configured the firewall policies for the virtual IPs but the the truncal appear unreachable for the Pbx.

What else could I check, to try to solve the issue.

I Really appreciate your help,

 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors