Greetings and thank you in advance for any help you provide.
FortiWiFi-50E-2R, running 6.2
Have 2 WAN interfaces on 2 different ISPs. Have all traffic going in and out on WAN1. If WAN1 fails, it rolls over to WAN2. So far, so good.
We want to force our SIP phones to go out on WAN2 at all times, and I tried doing an outgoing policy route for 5060, 5061, and 10000-10100 (both TCP and UDP) to make that happen, but it doesn't appear to be honored. I read that a "SIP ALG" overrides the policy routes, but I am not certain. I admit I am not too familiar with this.
Clearly, I am going about this the wrong way. Does anyone have any suggestions?
That part has probably nothing to do with either SIP ALG or SIP session helper, which work at L4 or above. The question is how you set up the failover. Likely you don't have two default routes in your routing table (get router info routing-table all). You need to have that to be able to make the policy route work. I recommend setting a higher priority number on the WAN2 default route, like 10. Then all other traffic initiated from inside of FGT would take WAN1 while the policy route takes the specific traffic to WAN2.
Or if your phones' GW is on the internet, you can just set a specific static route toward WAN2.
Just be aware, in either way, when WAN2 goes down, phones die. If you want to fail it over to WAN1, you need to know the GW IP(s) and do the same way for the default route but swapping the role of wan1 and wan2, then let the second link-monitor take care of it.
I do have the two default routes of which you speak, and I have the priority set correctly...
Then the PBR should work. Can you share the part with those two default routes from "get router info routing-t all"? As well as "show router policy" after masking any sensitive parts?
I deleted the policy routes for now but I will re-create them. I'll get back to you with the info. Thanks very much.
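The layout recommended in the replies above, sketched as a FortiOS CLI fragment. This is an added example, not configuration posted by anyone in the thread; the interface name "internal", the phone subnet 192.168.10.0/24 and the gateway addresses (documentation ranges) are constructed placeholders.

```fortios
# Two default routes with the same distance, so both are installed in the
# routing table. The higher priority number on wan2 makes it less preferred,
# so ordinary traffic keeps using wan1.
config router static
    edit 1
        set gateway 198.51.100.1
        set device "wan1"
    next
    edit 2
        set gateway 203.0.113.1
        set priority 10
        set device "wan2"
    next
end

# Policy routes that send the phones' traffic out wan2.
# Each entry matches one protocol and one destination port range,
# so SIP signalling and the 10000-10100 range get separate entries.
# Protocol 17 is UDP; repeat the entries with protocol 6 for TCP.
config router policy
    edit 1
        set input-device "internal"
        set src "192.168.10.0/255.255.255.0"
        set dst "0.0.0.0/0.0.0.0"
        set protocol 17
        set start-port 5060
        set end-port 5061
        set gateway 203.0.113.1
        set output-device "wan2"
    next
    edit 2
        set input-device "internal"
        set src "192.168.10.0/255.255.255.0"
        set dst "0.0.0.0/0.0.0.0"
        set protocol 17
        set start-port 10000
        set end-port 10100
        set gateway 203.0.113.1
        set output-device "wan2"
    next
end
```

With this in place, `get router info routing-table all` should list both default routes and `show router policy` should list the two entries, which is the output requested in the thread.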