Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Not applicable

VOIP and Port Forwarding

I have an 80CM on a small network with 3 PC' s and 3 Packet 8 IP phones. We have dual WAN' s and I setup a new service called " Packet 8" with all of the required ports open. I then created a new firewall policy from source all to destination all, set to always and accept for the new service. I then assigned an unfiltered protection profile to this policy. Does this effectively open the ports I need and bypass any filtering? My reason for doing this is to get the best possible QOS for these phones. They have been a little choppy.
6 REPLIES 6
g3rman
New Contributor

Hi Monsterballard, welcome to the forums. You don' t even need to assign a protection profile to the policy, just uncheck the protection profile box. Also, depending on what other type of traffic you have going across your firewall it may interfere with your voice, such as file transfers, etc. Also, keep in mind that when making VoIP calls across the Internet (which is what I assume you are doing) there is no way to ensure quality of service past your firewall.
A Real World Fortinet Guide Configuration Examples & Frequently Asked Questions http://firewallguru.blogspot.com
A Real World Fortinet Guide Configuration Examples & Frequently Asked Questions http://firewallguru.blogspot.com
Not applicable

When I do the connectivity test on the Packet 8 site. It says that the QOS service is unable to produce a constant stream of data. Is there a QOS service feature on this box?
Not applicable

By the way, I did uncheck the profile for the service, but kept the firewall policy. Thanks for that input.
rwpatterson
Valued Contributor III

You could use the traffic shaping setting available in each policy to duplicate the QOS you request. The FGT defaults all to high priority, so you have one of 2 options:
  • Set a traffic shaping for each policy to medium, and set the ones to high that you need (less desirable)
  • Set the global default speed to medium and then just upgrade the policies you need to high. The CLI command is: config system global set tos-based-priority medium end Good luck
  • Bob - self proclaimed posting junkie!
    See my Fortigate related scripts at: http://fortigate.camerabob.com

    Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
    FortiRack_Eric
    New Contributor III

    Hi Bob, You' re right with prio top-base medium, but this can be very tricky on heavily loaded boxes in terms of IO. As with all bandwidth mgt issues. Be very careful and know what you' re doing. Otherwise you' ll see starvation of sessions. cheers, eric

    Rackmount your Fortinet --> http://www.rackmount.it/fortirack

     

    Rackmount your Fortinet --> http://www.rackmount.it/fortirack
    laf
    New Contributor II

    Hi, I have a SSL VPN which I need to prioritize ssl.root - wan1 (NAT) in order that some " key clients" can access local servers and navigate on Internet using " secured Internet connection" . There are only two persons but it was asked from me to provide them all the BW required. The equipment get a guaranteed value of 2048kbits in WAN 1. It has to support about 15 users with no really Internet connection requirements. What BW you recommend me to set for the the VPN policy ? I was thinking to guarantee 180kbytes and a maximum of 300kbytes. Is it a math relation between guaranteed BW and max BW ?

    The most expensive and scarce resource for man is time, paradoxically, it' s infinite.

    The most expensive and scarce resource for man is time, paradoxically, it' s infinite.
    Announcements

    Select Forum Responses to become Knowledge Articles!

    Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

    Labels
    Top Kudoed Authors