Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Secucard
New Contributor III

Created on ‎03-24-2025 04:29 AM

ZTNA with SIP over TCP

Hi,

 

I am getting serious crazy with an issue with ZTNA.

Setup: I have two Fortigate, (Site A) and a Fortigate (Site B) with an IPSEC-Tunnel between.

I know I have to work with ZTNA IP pool to reach out a destination on Site B.

I want to have port 5060 (TCP) reachable over a TCP ZTNA Setup. I know, I have to setup Endpoints on the EMS, too.

Fortigate does have FortiOS 7.2 running the latest Patch, EMS 7.4.1 on the Cloud.

 

Test: Port 3306 for MySQL: works (TCP, not encrypted)
Test: Port 22 for SSH, works
Test: SIP, TCP 5060, DOES NOT WORK

 

I already disabled the SIP helper and tried with other incoming ports, nothing works. TCP with SIP works on the local VLAN indeed.

 

If there is anyone with a good idea, I am here ;)

 

Thanks

Labels:
92
0 Kudos
1 REPLY 1
AEK
SuperUser
SuperUser

Created on ‎03-24-2025 05:46 AM

Hi Secucard

What do you mean by "does not work"? Do you have SIP TCP connection established but no RTP (voice)?

I find the idea of RTP over ZTNA not obvious at all, and probably not conceivable (just my opinion).

AEK
AEK
73
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.