Hi,

This is a question of using Fortigate in the context of allowing in SIP traffic. But then getting the firewall to dynamically open and close pinhole ports for RTP under AWS.

To try and explain our setup first, we have an AWS EC2 instance that either re...
For the record I've also tried a couple of other approaches.

The first was a VIP approach.

Set up a secondary IP address on the WAN interface of the firewall. In this case 10.40.81.238. Point the external IP that was associated with the SIP server (3.9.196.23...
The next thing I tried was attaching the elastic IP of 3.9.196.238 to the WAN port of the firewall, then setting up a VIP. Unfortunately, as I suspected, AWS is doing DNAT or destination NAT on the packet before it gets to the WAN interface of the firew...
I've uploaded our current config below:
https://github.com/Local-Hecatron-BCH/IVRLogs/blob/master/03-09-2024-15-25/FortiGate-VM64-AWS_7-2_1688_202409031510.conf

And this is the debug output:
https://github.com/Local-Hecatron-BCH/IVRLogs/blob/master/03-09-...
In the case of AWS, when you assign an elastic IP to any network interface there's always a one-to-one NAT that takes place from AWS's point of view before it reaches inside. So the Fortigate will always see an internal IP hit its WAN port for the UDP ...
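As an added illustration of the point in the reply above (this is not the poster's config from the linked file, nor a Fortinet-supplied example): because AWS has already translated the elastic IP to the ENI's private address before the packet reaches the FortiGate, the VIP has to be keyed on that private address, and the first thing to check is which destination address actually arrives on the WAN port. The addresses 10.40.81.238 and 3.9.196.238 come from the thread; the interface names (port1 = WAN, port2 = LAN), the SIP server's private address 10.40.82.10, the object names and the policy ID are assumptions made for the example.

```fortios
# Added example, not the poster's configuration. Assumed: WAN = port1,
# LAN = port2, SIP server private address = 10.40.82.10, policy ID 10.

# 1. Confirm what the FortiGate actually sees on the WAN side. Because AWS
#    does 1:1 NAT for the elastic IP, the destination should be the
#    secondary private address 10.40.81.238, not 3.9.196.238.
#    (interface, BPF filter, verbosity level 4, capture 10 packets)
diagnose sniffer packet port1 'udp port 5060' 4 10

# 2. Key the VIP on the private address that arrives on the wire, not on
#    the elastic IP (a VIP with extip 3.9.196.238 never matches).
config firewall vip
    edit "vip-sip-signalling"
        set extip 10.40.81.238
        set extintf "port1"
        set portforward enable
        set protocol udp
        set extport 5060
        set mappedip "10.40.82.10"
        set mappedport 5060
    next
end

# 3. Inbound policy that references the VIP as destination. Source NAT is
#    left off so the SIP server sees the real caller address. "SIP" is the
#    predefined FortiOS service object (TCP/UDP 5060).
config firewall policy
    edit 10
        set name "inbound-sip-from-internet"
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "vip-sip-signalling"
        set action accept
        set schedule "always"
        set service "SIP"
        set nat disable
    next
end

# 4. The RTP pinholes are opened by the SIP ALG, which parses the SDP in
#    the signalling. Check that the sip session helper for udp/5060 is
#    still present (it is in a default config) and that the ALG mode is
#    what you expect.
show system session-helper
show system settings
```

If the sniffer output shows the elastic IP as destination instead (it should not, per the reply above), the `extip` would have to be that address; the rule is that the VIP must match the destination as it appears on the FortiGate's interface, not the address the caller dialled. Also keep the SIP server's SDP advertising its private address only if the FortiGate's ALG is rewriting it; otherwise the RTP pinholes will be opened for the wrong endpoint.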