Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
zwill
New Contributor

Created on ‎02-08-2015 10:40 AM

Voip incoming sound blocked

Hey All,

 

Need some advice please.  Im setting up a new fg-140d and have everything working except my in coming sound on calls is being blocked.

 

I'm using vip to forward the external ip and ports to my internal cudatel.  i can make and receive calls. they can hear me but i cant hear them.

 

the policy log shows 2 entries one says accept and the other says ip-conn.

 

Any suggestions? thanks

4797
0 Kudos
2 REPLIES 2
emnoc
Esteemed Contributor III

Created on ‎02-08-2015 11:38 AM

the diag debug flow command is a very good diagnostic tool. Do a search here and then run the command apply a filter for the traffic that's being block.

 

What I suspect;

 

is the pinhole that carries the RTP streams are not being allowed via the VIP

 

What type of VIP is this ( 1-2-1 or port-forward ) ?

 

What you probably will need is a sip applicationlayergateway ( ALG ) and apply that to your policy.

 

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
1257
0 Kudos
zwill
New Contributor

Created on ‎02-08-2015 02:13 PM

using port forward on vip.

 

here is the debug on my cudatel ip.

 

id=20085 trace_id=88 func=print_pkt_detail line=4373 msg="vd-root received a packet(proto=17, 192.168.2.10:24290->67.231.8.98:27568) from POE. "
id=20085 trace_id=88 func=resolve_ip_tuple_fast line=4432 msg="Find an existing session, id-0001069f, original direction"
id=20085 trace_id=88 func=__ip_session_run_tuple line=2520 msg="SNAT 192.168.2.10->96.27.253.4:24290"
id=20085 trace_id=88 func=ids_receive line=237 msg="send to ips"
id=20085 trace_id=89 func=print_pkt_detail line=4373 msg="vd-root received a packet(proto=17, 192.168.2.10:24290->67.231.8.98:27568) from POE. "
id=20085 trace_id=89 func=resolve_ip_tuple_fast line=4432 msg="Find an existing session, id-0001069f, original direction"
id=20085 trace_id=89 func=__ip_session_run_tuple line=2520 msg="SNAT 192.168.2.10->96.27.253.4:24290"
id=20085 trace_id=89 func=ids_receive line=237 msg="send to ips"
id=20085 trace_id=90 func=print_pkt_detail line=4373 msg="vd-root received a packet(proto=17, 192.168.2.10:24290->67.231.8.98:27568) from POE. "
id=20085 trace_id=90 func=__ip_session_run_tuple line=2520 msg="SNAT 192.168.2.10->96.27.253.4:24290"
id=20085 trace_id=90 func=resolve_ip_tuple_fast line=4432 msg="Find an existing session, id-0001069f, original direction"
id=20085 trace_id=90 func=ids_receive line=237 msg="send to ips"
id=20085 trace_id=91 func=print_pkt_detail line=4373 msg="vd-root received a packet(proto=1, 192.168.2.10:0->67.231.8.98:771) from POE. code=3, type=3, id=0, seq=0."
id=20085 trace_id=91 func=__ip_session_run_tuple line=2520 msg="SNAT 192.168.2.10->96.27.253.4:26012"
id=20085 trace_id=92 func=print_pkt_detail line=4373 msg="vd-root received a packet(proto=17, 192.168.2.10:24290->67.231.8.98:27568) from POE. "
id=20085 trace_id=92 func=resolve_ip_tuple_fast line=4432 msg="Find an existing session, id-0001069f, original direction"
id=20085 trace_id=92 func=__ip_session_run_tuple line=2520 msg="SNAT 192.168.2.10->96.27.253.4:24290"
id=20085 trace_id=92 func=ids_receive line=237 msg="send to ips"
id=20085 trace_id=93 func=print_pkt_detail line=4373 msg="vd-root received a packet(proto=17, 192.168.2.10:24290->67.231.8.98:27568) from POE. "
id=20085 trace_id=93 func=resolve_ip_tuple_fast line=4432 msg="Find an existing session, id-0001069f, original direction"
id=20085 trace_id=93 func=__ip_session_run_tuple line=2520 msg="SNAT 192.168.2.10->96.27.253.4:24290"
id=20085 trace_id=93 func=ids_receive line=237 msg="send to ips"
id=20085 trace_id=94 func=print_pkt_detail line=4373 msg="vd-root received a packet(proto=17, 192.168.2.10:24290->67.231.8.98:27568) from POE. "
id=20085 trace_id=94 func=resolve_ip_tuple_fast line=4432 msg="Find an existing session, id-0001069f, original direction"
id=20085 trace_id=94 func=__ip_session_run_tuple line=2520 msg="SNAT 192.168.2.10->96.27.253.4:24290"
id=20085 trace_id=94 func=ids_receive line=237 msg="send to ips"
id=20085 trace_id=95 func=print_pkt_detail line=4373 msg="vd-root received a packet(proto=17, 192.168.2.10:24290->67.231.8.98:27568) from POE. "
id=20085 trace_id=95 func=resolve_ip_tuple_fast line=4432 msg="Find an existing session, id-0001069f, original direction"
id=20085 trace_id=95 func=__ip_session_run_tuple line=2520 msg="SNAT 192.168.2.10->96.27.253.4:24290"
id=20085 trace_id=96 func=print_pkt_detail line=4373 msg="vd-root received a packet(proto=17, 192.168.2.10:24290->67.231.8.98:27568) from POE. "
id=20085 trace_id=96 func=__ip_session_run_tuple line=2520 msg="SNAT 192.168.2.10->96.27.253.4:24290"
id=20085 trace_id=96 func=resolve_ip_tuple_fast line=4432 msg="Find an existing session, id-0001069f, original direction"
id=20085 trace_id=96 func=ids_receive line=237 msg="send to ips"
id=20085 trace_id=97 func=print_pkt_detail line=4373 msg="vd-root received a packet(proto=17, 192.168.2.10:24290->67.231.8.98:27568) from POE. "
id=20085 trace_id=97 func=resolve_ip_tuple_fast line=4432 msg="Find an existing session, id-0001069f, original direction"
id=20085 trace_id=97 func=__ip_session_run_tuple line=2520 msg="SNAT 192.168.2.10->96.27.253.4:24290"
id=20085 trace_id=97 func=ids_receive line=237 msg="send to ips"
id=20085 trace_id=98 func=print_pkt_detail line=4373 msg="vd-root received a packet(proto=17, 192.168.2.10:24290->67.231.8.98:27568) from POE. "
id=20085 trace_id=98 func=resolve_ip_tuple_fast line=4432 msg="Find an existing session, id-0001069f, original direction"
id=20085 trace_id=98 func=__ip_session_run_tuple line=2520 msg="SNAT 192.168.2.10->96.27.253.4:24290"
id=20085 trace_id=98 func=ids_receive line=237 msg="send to ips"
id=20085 trace_id=99 func=print_pkt_detail line=4373 msg="vd-root received a packet(proto=17, 192.168.2.10:24290->67.231.8.98:27568) from POE. "
id=20085 trace_id=99 func=resolve_ip_tuple_fast line=4432 msg="Find an existing session, id-0001069f, original direction"
id=20085 trace_id=99 func=__ip_session_run_tuple line=2520 msg="SNAT 192.168.2.10->96.27.253.4:24290"
id=20085 trace_id=99 func=ids_receive line=237 msg="send to ips"
id=20085 trace_id=100 func=print_pkt_detail line=4373 msg="vd-root received a packet(proto=17, 192.168.2.10:24290->67.231.8.98:27568) from POE. "
id=20085 trace_id=100 func=__ip_session_run_tuple line=2520 msg="SNAT 192.168.2.10->96.27.253.4:24290"
id=20085 trace_id=100 func=resolve_ip_tuple_fast line=4432 msg="Find an existing session, id-0001069f, original direction"
id=20085 trace_id=100 func=ids_receive line=237 msg="send to ips"
 
1257
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.