We are having an issue where users, using our VPN connection, with the Fortinet VPN client and using the Mitel Connect software do not get the audio portion of a phone call. Neither side of the call can hear each other. The this feature with "soft phone" works, when the computer is internal and not making use of the VPN. I don't know if it is a setting in the Fortigate or an issue with the Mitel software.
What are the best practices and settings for VoIP calls through the firewall ?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
What did they do to fix it ?
I used SUBNET instead of IP Range for VPN clients (172.16.10.0). Since split tunnel was enabled, I added the subnet of vpn clients as routing address under ssl-vpn portals and created ssl.root to ssl.root firewall policy.
Below was the summary of the remote session with TAC support.
A recap of what we have done:
>Showed me the SSLVPN with the full-access split tunnel configured.
>Mentioned your softphone was ringing, but no voice on either side.
>You added the 172.16.10.0/24 into your sslvpn split tunnel.
>Disconnected and reconnected the SSLVPN to get it on your device "route print".
>You were able to ping 172.16.10.1(your colleague device), but your colleague wan not able to ping you.
>Noticed the issue was on your colleague username which was not in the SSLVPN group on the firewall policy 50.
>Added it in and was able to ping.
>Tested call and was working as expected now.
I think you need to make sure that vpn clients can successfully reach the mitel director and the vpn client ip you wish to call. BTW firewall is running FortiOS v6.2.3
We're not using split tunneling, so that is not part of our issue. We can ping from our VPN client to the Mitel server and from the Mitel server to the client. So, that is different. I suspect this was a good part of our issue...
"Noticed the issue was on your colleague username which was not in the SSLVPN group on the firewall policy 50."
We got our issue solved.
In our case, UDP traffic coming from the VPN to the inside could not get to port 10000 for UDP. Turning off NAT on the VPN to Inside policy resolved the issue. We have NAT turned on , on the outgoing policy still.
We have the same issue, Operator can see incoming calls, answer calls and see presence of other desk phones via VPN, but no audio. Mitel and Fortigate SSLVPN
Not our SIP or Voice provider can figure it out. This thread does give some insight thanks. Will reply with something useful if we get our s resolved.
I also from testing suspect something not traversing the VPN after SIP hands over the call. RTP or otherwise is not communicating between endpoints.
Good day
We have concluded our issue to routing problems. We realized that we use split VPN. Creating a direct VPN profile local on the fortigate we could follow the packets.
Prior we could not PING the voice gateway or the PBX via the VPN connection. We could reach the OIP server and the voice provider breakout. I am sure that this was due to custom setup, but our tracerts all ended up at the breakout.
The voice providers router did not allow the VPN end-point's new IP address to traverse through it. They added routes to allow not only local traffic but also the forticlient IP assigned in the VPN to be allowed via their breakout.
Issue was not at our ISP, but at the voice provider not allowing all traffic through their gateway to communicate with the Mitel400 hosted in the cloud.
Seems so obvious now. Run a trace to the PBX and see where it stops. In our case it was not a port issue, but a path issue. This makes sense too, as the RTP traffic never reaches the PBX after the SIP connects the call.
Hope this helps.
I've opened a ticket on this issue and it's working now.
kulas wrote:So what was the issue and fix for this problem?I've opened a ticket on this issue and it's working now.
have you found the issue with this?
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1673 | |
1083 | |
752 | |
446 | |
226 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.