- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- VoIP Problem over SD-WAN
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
VoIP Problem over SD-WAN
Hi Everyone!
This is my first post, sorry if i'm in the wrong category.
I have a problem with VoIP over SD-WAN. Let me explain
FG50E With 6.2.3 , A telephone exchange who manage all the SIP traffic and register to a cloud server (from now on SBC).
I have 1 ISP Provider who provide FIber (WAN1) and ADSL (WAN2) (Backup line)
It was doing great for 2 months (was 6.2.1), data and VPN over WAN1 and VoIP over WAN2, but one day all the telephones stopped working, no inboud call and no outgoing call. After hours of troubleshooting we noticed that if we move all VoIP traffic to WAN1 the SBC start registering again and everything started working so we did this to let our client work.
Now even if I created a SD-WAN rule to force SBC (and all VOIP traffic) over WAN2. The weird thing is despite this rule and despite it shows that the SBC is using WAN2 (in fortiview), from a packet capture i see that only some UDP packet use WAN2 and everthing else (SIP,RTP) is using WAN1!
The problem is, if WAN1 stopped working the VoIP won't work with WAN2 (i've managed even try to disable WAN1 and let everything on WAN2 but nothing happened and VoIP still don't work).
https://kb.fortinet.com/kb/viewContent.do?externalId=FD36405&sliceId=1 this was done since beginning
Now as i said I upgraded to 6.2.3 (which is more stable than 6.2.1)
https://www.reddit.com/r/fortinet/comments/ccbo0l/voip_phones_and_sd_wan_mystery/ i found this that is similar i think.
Sorry for being a bit confusional, i have fever too so thanks everyon who can help!
- « Previous
-
- 1
- 2
- Next »
12 REPLIES 12
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
toshiesumi wrote:VoIP stopped working random day to day (like a month ago) yesterday i upgraded to 6.2.3 from 6.2.1 (i know it was a mistake using 6.2)Since you already disabled SIP session-helper&ALG, likely the SD-WAN is causing the symptom. Your description was not clear about the timings when VoIP stopped working and when you upgraded it to 6.2.3. Did you upgraded after it stopped working?
For virtually all SD-WAN issues, without seeing actual config for rules and routing-table, and debugging output at the time, then eventually sniffing the traffic on the interface, it's very difficult to even guess what's going on. Besides, when I tried upgrading my home 50E from 6.0.7 to 6.2.3 it was somewhat unstable, so I immediately went back (actually upgraded to 6.0.8 after that).
So, your best chance is to let TAC look at it by opening a ticket. Another SD-WAN case in the forum, they changed OP's set-up to mitigate a bug.
i can make print screen of something if it helps
SIP and RTP packets just use WAN1 (fiber if it's online) and when (adsl, like now while i was troubleshooting) WAN1 is disabled by me SIP packets pass cause i see the SIP registering session and there are some registering packets via packet capture and diag sniff, but no answer from SIP Server.
SD_WAN rule is easy Everything from SBC go to WAN2
img 1 :https://ibb.co/1vWQqbz (packet when WAN1 is down and SBC try use WAN2)
img 2: https://ibb.co/2Y3kvqH (session with SBC using WAN1, same happen if use WAN2)
but as i said WAN1 is okay WAN2 nope...
In the reddit link a user DarkVaderIT if i recall it suggests that could be a provider issue.
EDIT:
I noticed that in the IMG 1 which is a packet capture from WAN2 (10.0.1.2) the source ip is the ip of WAN1. and in the header of the packet SIP i can read that the IP for the login to SIP server is the WAN1 public IP
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I noticed another weird thing, in the packet from WAN2
in "Ethernet II" the Src mac address the the correct interface, but the ip in "Internet Protocol Version 4" the IP is wrong, should be 10.0.1.2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
To resolve the issue with VoIP traffic not properly using WAN2 despite the SD-WAN rule, follow these steps:
- Verify SD-WAN configuration.
- Review firewall policies.
- Test with specific IP address.
- Check NAT and port forwarding.
- Monitor traffic and logs.
- Consider firmware upgrades.
- Engage Fortinet support if needed.
Farina Ahmed
Farina Ahmed
- « Previous
-
- 1
- 2
- Next »
Related Posts
- Limited Network 138 Views
- sd-wan issue 107 Views
- SSL VPN 163 Views
- free vpn client certificate problems 203 Views
- FortiAuthenticator + Citrix XenApp Published Applications 68 Views
Labels
-
FortiGate
6,542 -
FortiClient
1,304 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
414 -
5.6
362 -
FortiSwitch
333 -
FortiAP
333 -
FortiClient EMS
263 -
6.2
251 -
FortiMail
243 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
150 -
6.4
128 -
FortiNAC
106 -
FortiGuard
102 -
FortiSIEM
88 -
FortiGateCloud
87 -
FortiCloud Products
84 -
IPsec
73 -
FortiToken
70 -
Customer Service
70 -
4.0MR3
64 -
SSL-VPN
60 -
Wireless Controller
58 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
32 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
Firewall policy
24 -
SD-WAN
24 -
FortiConnect
23 -
FortiWAN
22 -
VLAN
21 -
FortiConverter
21 -
High Availability
20 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
FortiAuthenticator
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
FortiGate v5.0
12 -
Routing
12 -
Interface
12 -
FortiCASB
12 -
Logging
11 -
LDAP
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
Virtual IP
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
SSL SSH inspection
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
Security profile
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Automation
3 -
Intrusion prevention
3 -
DoS policy
3 -
FortiDB
3 -
Port policy
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
Web profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
trunk
2 -
Fortinet Engage Partner Program
2 -
TACACS
1 -
4.0MR1
1 -
Schedule
1 -
Users
1 -
SDN connector
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
FortiPAM
1 -
Application signature
1 -
Web rating
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Multicast routing
1 -
Email filter profile
1 -
Zone
1 -
Internet Service Database
1 -
Explicit proxy
1 -
System settings
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.