supportombm
New Contributor III

Wrong interface and Weird SNAT on SIP

I've already posted but with no answers.

SD-WAN with 2 wan enabled.

WAN1 IP 10.0.0.2

WAN2 IP 10.0.1.2

Here is the debug with filtering on the IP of the PBX and port 5060.

Traffic with manual sd-wan rule forcing use wan1 debug https://ibb.co/LSh4583

Traffic with manual sd-wan rule forcing use wan2 debug https://ibb.co/tK7cxyg

As you can see, with wan1 everything works great: packet SNAT outbound and packet DNAT inbound.

In the debug with wan2 I can see only SNAT, and as you can see the IP 10.0.0.2 is the wan1 IP, but the session in FortiView shows wan2, and obviously all traffic of the office goes with no problem on 10.0.1.2.

The problem is that with 5060 the traffic goes on the wrong IP and the PBX can't register ONLY IF USING WAN2. If using wan1, the SIP goes straight through with no problem.

It's not urgent, but if wan1 fails they cannot make or receive phone calls.

1 REPLY
lobstercreed
Valued Contributor

Hi Mattia,

 

So I'm not really the best person to respond since I haven't used SD-WAN yet, but just looking at the debug it sounds like it's doing what you programmed if you have a rule telling it to use wan1 for SIP traffic?  Maybe I'm misunderstanding.

 

Another possibility is that you're using Central SNAT or using a specific IP Pool object for the outbound policy that allows the SIP traffic.  What you want is a policy that says to use the outgoing interface NAT.

 

I could probably figure it out if you wanted to provide more of your config, and/or do a screen-share.  DM me if so.

 

Thanks - Daniel
