We are having an issue where users, using our VPN connection, with the Fortinet VPN client and using the Mitel Connect software do not get the audio portion of a phone call. Neither side of the call can hear each other. The this feature with "soft phone" works, when the computer is internal and not making use of the VPN. I don't know if it is a setting in the Fortigate or an issue with the Mitel software.
What are the best practices and settings for VoIP calls through the firewall ?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I'm sorry if this is being double posted.
We are having the same issue using SSL-VPN on a FortiGate 301E and Mitel Connect. It appears that the UDP packets that carries the audio for Mitel Connect is not passing through the VPN. I wonder if the UDP packets can not be encrypted therefore it is not allow to pass through the VPN. Is the a way to have UDP pass through a SSL-VPN or would an IPsec VPN work better? Thanks.
Have you been able to show SIP packets and UDP packets being blocked ? I am still trying to find where the traffic stops so I can focus on that.
I do have this same issue. Hope someone could help us about this.
Some packet sniffing inside the our Fortigate shows an error getting to UDP port 10000 coming from the VPN device into our network, but no errors going from inside to out the VPN. We have a specific service for the VoIP phones that covers this port and 'all' services are allowed with this VPN tunnel, so there must be something not obvious that needs changing.
VOIP issues are often a pain to troubleshoot.
If you have guys already tried to disabling the SIP session helper or SIP Application layer gateway?
See following Link:
https://doc.boll.ch/virtual/1534/FortiOS_-_SIP_deaktivieren_v1.2.pdf
Document is in german, but google translate does a decent job translating it.
Yes. I have disabled SIP helper and the Gateway is set differently.
I think the issue is not so much the SIP, because the phone call is setup , and I can answer the call, which is what the SIP part is supposed to do, but the audio data is not making it.
The SIP helper/ALG reads the traffic, modifies IP's and opens ports for the audio the pass.
So this could very well be an SIP helper/SIP ALG issue.
You are most likely using ALG-mode - in this case changing SIP helper settings has no impact.
Can you verify with:
# show full | grep default-voip
set default-voip-alg-mode proxy-based
And then verifiy your ALG settings are disabled.
fgt # config voip profile
fgt (profile) # edit default
fgt (default) # config sip
fgt (sip) # set status disable
fgt (sip) # set rtp disable
fgt (sip) # end
fgt (default) # next
fgt (profile) #
end
I changed the ALG to proxy based at the same time.
I've opened a ticket on this issue and it's working now.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1673 | |
1083 | |
752 | |
446 | |
226 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.