Hey All,
Need some advice please. Im setting up a new fg-140d and have everything working except my in coming sound on calls is being blocked.
I'm using vip to forward the external ip and ports to my internal cudatel. i can make and receive calls. they can hear me but i cant hear them.
the policy log shows 2 entries one says accept and the other says ip-conn.
Any suggestions? thanks
the diag debug flow command is a very good diagnostic tool. Do a search here and then run the command apply a filter for the traffic that's being block.
What I suspect;
is the pinhole that carries the RTP streams are not being allowed via the VIP
What type of VIP is this ( 1-2-1 or port-forward ) ?
What you probably will need is a sip applicationlayergateway ( ALG ) and apply that to your policy.
PCNSE
NSE
StrongSwan
using port forward on vip.
here is the debug on my cudatel ip.
id=20085 trace_id=88 func=print_pkt_detail line=4373 msg="vd-root received a packet(proto=17, 192.168.2.10:24290->67.231.8.98:27568) from POE. "
id=20085 trace_id=88 func=resolve_ip_tuple_fast line=4432 msg="Find an existing session, id-0001069f, original direction"
id=20085 trace_id=88 func=__ip_session_run_tuple line=2520 msg="SNAT 192.168.2.10->96.27.253.4:24290"
id=20085 trace_id=88 func=ids_receive line=237 msg="send to ips"
id=20085 trace_id=89 func=print_pkt_detail line=4373 msg="vd-root received a packet(proto=17, 192.168.2.10:24290->67.231.8.98:27568) from POE. "
id=20085 trace_id=89 func=resolve_ip_tuple_fast line=4432 msg="Find an existing session, id-0001069f, original direction"
id=20085 trace_id=89 func=__ip_session_run_tuple line=2520 msg="SNAT 192.168.2.10->96.27.253.4:24290"
id=20085 trace_id=89 func=ids_receive line=237 msg="send to ips"
id=20085 trace_id=90 func=print_pkt_detail line=4373 msg="vd-root received a packet(proto=17, 192.168.2.10:24290->67.231.8.98:27568) from POE. "
id=20085 trace_id=90 func=__ip_session_run_tuple line=2520 msg="SNAT 192.168.2.10->96.27.253.4:24290"
id=20085 trace_id=90 func=resolve_ip_tuple_fast line=4432 msg="Find an existing session, id-0001069f, original direction"
id=20085 trace_id=90 func=ids_receive line=237 msg="send to ips"
id=20085 trace_id=91 func=print_pkt_detail line=4373 msg="vd-root received a packet(proto=1, 192.168.2.10:0->67.231.8.98:771) from POE. code=3, type=3, id=0, seq=0."
id=20085 trace_id=91 func=__ip_session_run_tuple line=2520 msg="SNAT 192.168.2.10->96.27.253.4:26012"
id=20085 trace_id=92 func=print_pkt_detail line=4373 msg="vd-root received a packet(proto=17, 192.168.2.10:24290->67.231.8.98:27568) from POE. "
id=20085 trace_id=92 func=resolve_ip_tuple_fast line=4432 msg="Find an existing session, id-0001069f, original direction"
id=20085 trace_id=92 func=__ip_session_run_tuple line=2520 msg="SNAT 192.168.2.10->96.27.253.4:24290"
id=20085 trace_id=92 func=ids_receive line=237 msg="send to ips"
id=20085 trace_id=93 func=print_pkt_detail line=4373 msg="vd-root received a packet(proto=17, 192.168.2.10:24290->67.231.8.98:27568) from POE. "
id=20085 trace_id=93 func=resolve_ip_tuple_fast line=4432 msg="Find an existing session, id-0001069f, original direction"
id=20085 trace_id=93 func=__ip_session_run_tuple line=2520 msg="SNAT 192.168.2.10->96.27.253.4:24290"
id=20085 trace_id=93 func=ids_receive line=237 msg="send to ips"
id=20085 trace_id=94 func=print_pkt_detail line=4373 msg="vd-root received a packet(proto=17, 192.168.2.10:24290->67.231.8.98:27568) from POE. "
id=20085 trace_id=94 func=resolve_ip_tuple_fast line=4432 msg="Find an existing session, id-0001069f, original direction"
id=20085 trace_id=94 func=__ip_session_run_tuple line=2520 msg="SNAT 192.168.2.10->96.27.253.4:24290"
id=20085 trace_id=94 func=ids_receive line=237 msg="send to ips"
id=20085 trace_id=95 func=print_pkt_detail line=4373 msg="vd-root received a packet(proto=17, 192.168.2.10:24290->67.231.8.98:27568) from POE. "
id=20085 trace_id=95 func=resolve_ip_tuple_fast line=4432 msg="Find an existing session, id-0001069f, original direction"
id=20085 trace_id=95 func=__ip_session_run_tuple line=2520 msg="SNAT 192.168.2.10->96.27.253.4:24290"
id=20085 trace_id=96 func=print_pkt_detail line=4373 msg="vd-root received a packet(proto=17, 192.168.2.10:24290->67.231.8.98:27568) from POE. "
id=20085 trace_id=96 func=__ip_session_run_tuple line=2520 msg="SNAT 192.168.2.10->96.27.253.4:24290"
id=20085 trace_id=96 func=resolve_ip_tuple_fast line=4432 msg="Find an existing session, id-0001069f, original direction"
id=20085 trace_id=96 func=ids_receive line=237 msg="send to ips"
id=20085 trace_id=97 func=print_pkt_detail line=4373 msg="vd-root received a packet(proto=17, 192.168.2.10:24290->67.231.8.98:27568) from POE. "
id=20085 trace_id=97 func=resolve_ip_tuple_fast line=4432 msg="Find an existing session, id-0001069f, original direction"
id=20085 trace_id=97 func=__ip_session_run_tuple line=2520 msg="SNAT 192.168.2.10->96.27.253.4:24290"
id=20085 trace_id=97 func=ids_receive line=237 msg="send to ips"
id=20085 trace_id=98 func=print_pkt_detail line=4373 msg="vd-root received a packet(proto=17, 192.168.2.10:24290->67.231.8.98:27568) from POE. "
id=20085 trace_id=98 func=resolve_ip_tuple_fast line=4432 msg="Find an existing session, id-0001069f, original direction"
id=20085 trace_id=98 func=__ip_session_run_tuple line=2520 msg="SNAT 192.168.2.10->96.27.253.4:24290"
id=20085 trace_id=98 func=ids_receive line=237 msg="send to ips"
id=20085 trace_id=99 func=print_pkt_detail line=4373 msg="vd-root received a packet(proto=17, 192.168.2.10:24290->67.231.8.98:27568) from POE. "
id=20085 trace_id=99 func=resolve_ip_tuple_fast line=4432 msg="Find an existing session, id-0001069f, original direction"
id=20085 trace_id=99 func=__ip_session_run_tuple line=2520 msg="SNAT 192.168.2.10->96.27.253.4:24290"
id=20085 trace_id=99 func=ids_receive line=237 msg="send to ips"
id=20085 trace_id=100 func=print_pkt_detail line=4373 msg="vd-root received a packet(proto=17, 192.168.2.10:24290->67.231.8.98:27568) from POE. "
id=20085 trace_id=100 func=__ip_session_run_tuple line=2520 msg="SNAT 192.168.2.10->96.27.253.4:24290"
id=20085 trace_id=100 func=resolve_ip_tuple_fast line=4432 msg="Find an existing session, id-0001069f, original direction"
id=20085 trace_id=100 func=ids_receive line=237 msg="send to ips"
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1063 | |
889 | |
527 | |
441 | |
152 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.