3CX phone system + fortiwifi 60cm

Discussion in '3CX Phone System - General' started by fuloperformer, Mar 12, 2012.

Thread Status:
Not open for further replies.
  1. fuloperformer

    Joined:
    Mar 12, 2012
    Messages:
    4
    Likes Received:
    0
    Hi, I'm having issues with my 3CX phone system.

    We purchased a FortiWiFi 60CM, but we cannot connect to the provider and cannot make or receive calls. The Fortinet is on 4.0 MR3 Patch4; otherwise, the firewall policies are set to allow all traffic from internal to external and external to internal, but we cannot connect to the provider server.

    Has anyone had an issue like this?
     
  2. lord_thundernuts

    Joined:
    Mar 4, 2012
    Messages:
    6
    Likes Received:
    0
    Are you able to register to your SIP provider?

    Do you have the right ports open on the firewall?

    Are you able to connect to the Internet otherwise through this connection?

    Try using a plain-old Linksys router and see if you can get it to work.
     
  3. fuloperformer

    Joined:
    Mar 12, 2012
    Messages:
    4
    Likes Received:
    0
    With a plain wireless router it works fine right now. The firewall policies are set to allow all traffic on my network.
     
  4. fuloperformer

    Joined:
    Mar 12, 2012
    Messages:
    4
    Likes Received:
    0
    I ran the firewall checker and found these logs:

    3CX Firewall Checker, v1.0. Copyright (C) 3CX Ltd. All rights reserved.

    <08:17:59>: Phase 1, checking servers connection, please wait...
    <08:17:59>: Stun Checker service is reachable. Phase 1 check passed.
    <08:17:59>: Phase 2a, Check Port Forwarding to UDP SIP port, please wait...
    <08:18:05>: UDP SIP Port is set to 5060. Response received WITH TRANSLATION 13128::5060. Phase 2a check passed with WARNINGS. Some functionality will be LIMITED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/

    <08:18:05>: Phase 2b. Check Port Forwarding to TCP SIP port, please wait...
    <08:18:09>: TCP SIP Port is set to 5060. Response received WITH TRANSLATION 13128::5060. Phase 2b check passed with WARNINGS. Some functionality will be LIMITED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/

    <08:18:09>: Phase 3. Check Port Forwarding to TCP Tunnel port, please wait...
    <08:18:14>: TCP TUNNEL Port is set to 5090. Response received WITH TRANSLATION 13166::5090. Phase 3 check passed with WARNINGS. Some functionality will be LIMITED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/

    <08:18:14>: Phase 4. Check Port Forwarding to RTP external port range, please wait...
    <08:18:23>: UDP RTP Port 9000. Response received WITH TRANSLATION 65444::9000. Phase 4-01 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:18:28>: UDP RTP Port 9001. Response received WITH TRANSLATION 33701::9001. Phase 4-02 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:18:32>: UDP RTP Port 9002. Response received WITH TRANSLATION 29606::9002. Phase 4-03 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:18:37>: UDP RTP Port 9003. Response received WITH TRANSLATION 29607::9003. Phase 4-04 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:18:41>: UDP RTP Port 9004. Response received WITH TRANSLATION 54176::9004. Phase 4-05 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:18:46>: UDP RTP Port 9005. Response received WITH TRANSLATION 37793::9005. Phase 4-06 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:18:50>: UDP RTP Port 9006. Response received WITH TRANSLATION 33698::9006. Phase 4-07 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:18:55>: UDP RTP Port 9007. Response received WITH TRANSLATION 33699::9007. Phase 4-08 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:18:59>: UDP RTP Port 9008. Response received WITH TRANSLATION 62396::9008. Phase 4-09 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:19:04>: UDP RTP Port 9009. Response received WITH TRANSLATION 25533::9009. Phase 4-10 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:19:08>: UDP RTP Port 9010. Response received WITH TRANSLATION 29630::9010. Phase 4-11 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:19:13>: UDP RTP Port 9011. Response received WITH TRANSLATION 62399::9011. Phase 4-12 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:19:17>: UDP RTP Port 9012. Response received WITH TRANSLATION 37816::9012. Phase 4-13 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:19:22>: UDP RTP Port 9013. Response received WITH TRANSLATION 9145::9013. Phase 4-14 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:19:26>: UDP RTP Port 9014. Response received WITH TRANSLATION 58298::9014. Phase 4-15 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:19:31>: UDP RTP Port 9015. Response received WITH TRANSLATION 29627::9015. Phase 4-16 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:19:36>: UDP RTP Port 9016. Response received WITH TRANSLATION 33716::9016. Phase 4-17 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:19:40>: UDP RTP Port 9017. Response received WITH TRANSLATION 37813::9017. Phase 4-18 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:19:45>: UDP RTP Port 9018. Response received WITH TRANSLATION 41910::9018. Phase 4-19 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:19:49>: UDP RTP Port 9019. Response received WITH TRANSLATION 61367::9019. Phase 4-20 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:19:54>: UDP RTP Port 9020. Response received WITH TRANSLATION 46000::9020. Phase 4-21 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:19:58>: UDP RTP Port 9021. Response received WITH TRANSLATION 46001::9021. Phase 4-22 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:20:03>: UDP RTP Port 9022. Response received WITH TRANSLATION 37810::9022. Phase 4-23 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:20:07>: UDP RTP Port 9023. Response received WITH TRANSLATION 13235::9023. Phase 4-24 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:20:12>: UDP RTP Port 9024. Response received WITH TRANSLATION 29644::9024. Phase 4-25 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:20:16>: UDP RTP Port 9025. Response received WITH TRANSLATION 29645::9025. Phase 4-26 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:20:21>: UDP RTP Port 9026. Response received WITH TRANSLATION 25550::9026. Phase 4-27 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:20:25>: UDP RTP Port 9027. Response received WITH TRANSLATION 61391::9027. Phase 4-28 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:20:30>: UDP RTP Port 9028. Response received WITH TRANSLATION 41928::9028. Phase 4-29 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:20:34>: UDP RTP Port 9029. Response received WITH TRANSLATION 58313::9029. Phase 4-30 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:20:39>: UDP RTP Port 9030. Response received WITH TRANSLATION 46026::9030. Phase 4-31 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:20:43>: UDP RTP Port 9031. Response received WITH TRANSLATION 33739::9031. Phase 4-32 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:20:48>: UDP RTP Port 9032. Response received WITH TRANSLATION 21444::9032. Phase 4-33 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:20:52>: UDP RTP Port 9033. Response received WITH TRANSLATION 61381::9033. Phase 4-34 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:20:57>: UDP RTP Port 9034. Response received WITH TRANSLATION 33734::9034. Phase 4-35 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:21:01>: UDP RTP Port 9035. Response received WITH TRANSLATION 25543::9035. Phase 4-36 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:21:06>: UDP RTP Port 9036. Response received WITH TRANSLATION 37824::9036. Phase 4-37 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:21:10>: UDP RTP Port 9037. Response received WITH TRANSLATION 25537::9037. Phase 4-38 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:21:15>: UDP RTP Port 9038. Response received WITH TRANSLATION 33730::9038. Phase 4-39 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:21:20>: UDP RTP Port 9039. Response received WITH TRANSLATION 62403::9039. Phase 4-40 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:21:24>: UDP RTP Port 9040. Response received WITH TRANSLATION 46044::9040. Phase 4-41 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:21:29>: UDP RTP Port 9041. Response received WITH TRANSLATION 58333::9041. Phase 4-42 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:21:33>: UDP RTP Port 9042. Response received WITH TRANSLATION 62430::9042. Phase 4-43 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:21:38>: UDP RTP Port 9043. Response received WITH TRANSLATION 37855::9043. Phase 4-44 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:21:42>: UDP RTP Port 9044. Response received WITH TRANSLATION 65496::9044. Phase 4-45 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:21:47>: UDP RTP Port 9045. Response received WITH TRANSLATION 62425::9045. Phase 4-46 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:21:51>: UDP RTP Port 9046. Response received WITH TRANSLATION 33754::9046. Phase 4-47 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:21:56>: UDP RTP Port 9047. Response received WITH TRANSLATION 58331::9047. Phase 4-48 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:22:00>: UDP RTP Port 9048. Response received WITH TRANSLATION 41940::9048. Phase 4-49 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/
    <08:22:05>: UDP RTP Port 9049. Response received WITH TRANSLATION 37845::9049. Phase 4-50 check passed with WARNINGS. Some functionality may be IMPAIRED. For more information, please visit http://www.3cx.com/blog/docs/firewall-checker/


    Application exit code is 53
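
Added example, not part of the original posts: a short Python parser for Firewall Checker output in the format shown above, listing every probe whose port came back rewritten by NAT. It assumes the `A::B` pair means "port seen by the checker service :: port configured on the PBX"; the function names are hypothetical and the sample is an excerpt of the posted log with the trailing help text cut.

```python
import re
from collections import Counter

# Excerpt of the log posted above, trimmed for length.
SAMPLE_LOG = """\
<08:17:59>: Stun Checker service is reachable. Phase 1 check passed.
<08:18:05>: UDP SIP Port is set to 5060. Response received WITH TRANSLATION 13128::5060. Phase 2a check passed with WARNINGS.
<08:18:09>: TCP SIP Port is set to 5060. Response received WITH TRANSLATION 13128::5060. Phase 2b check passed with WARNINGS.
<08:18:14>: TCP TUNNEL Port is set to 5090. Response received WITH TRANSLATION 13166::5090. Phase 3 check passed with WARNINGS.
<08:18:23>: UDP RTP Port 9000. Response received WITH TRANSLATION 65444::9000. Phase 4-01 check passed with WARNINGS.
<08:18:28>: UDP RTP Port 9001. Response received WITH TRANSLATION 33701::9001. Phase 4-02 check passed with WARNINGS.
"""

LINE = re.compile(
    r"(?P<proto>UDP|TCP) (?P<kind>SIP|TUNNEL|RTP) Port (?:is set to )?\d+\. "
    r"Response received WITH TRANSLATION (?P<seen>\d+)::(?P<local>\d+)\. "
    r"Phase (?P<phase>[\w-]+) check"
)


def translated_ports(log_text):
    """Return one record per probe whose externally seen port differs from the configured one."""
    findings = []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # phase banners and lines without a translation pair
        seen, local = int(m["seen"]), int(m["local"])
        if seen != local:
            findings.append({"phase": m["phase"], "proto": m["proto"],
                             "kind": m["kind"], "configured": local, "seen": seen})
    return findings


def summarize(findings):
    """Count rewritten ports per service, e.g. {'UDP RTP': 2}."""
    return dict(Counter(f"{f['proto']} {f['kind']}" for f in findings))


if __name__ == "__main__":
    for f in translated_ports(SAMPLE_LOG):
        print(f"Phase {f['phase']}: {f['proto']} {f['kind']} {f['configured']} seen as {f['seen']}")
    print(summarize(translated_ports(SAMPLE_LOG)))
```

Run against the full log, every SIP, tunnel and RTP probe shows a rewritten port, which is why each phase passes only with warnings.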
     
  5. tom_ch

    Joined:
    Jul 6, 2011
    Messages:
    69
    Likes Received:
    0
    1) On ingoing rule: Disable NAT

    2) Disable SIP ALG and SIP Session Helper. This can only be done over CLI.
     
  6. fuloperformer

    Joined:
    Mar 12, 2012
    Messages:
    4
    Likes Received:
    0
    1) On ingoing rule: Disable NAT

    Do you mean the external to internal rule?


    2) Disable SIP ALG and SIP Session Helper. This can only be done over CLI.

    How can I disable it on the CLI?
     
  7. tom_ch

    Joined:
    Jul 6, 2011
    Messages:
    69
    Likes Received:
    0
    1) Exactly. Policy from wan to internal, Check "No NAT".

    2)
     
  8. JointTech

    Joined:
    Sep 15, 2011
    Messages:
    10
    Likes Received:
    0
    I'm having the same problem. Fortigate 60C
    I tried that fix but it didn't change anything with the firewall checker.
    I have my phone system external IP in the IP Pool.
    I have a VIP for phonesystem external IP -> phone system internal IP. No port forward.

    I have a rule BroadvoxIpRangeGroup -> PhoneVIP ACCEPT ALL No NAT No UTM
    Broadvoxiprangegroup includes stun.3cx.com and the IP address it points to.

    I have a rule phonesysteminternalIP -> wan1 ACCEPT ALL Nat=IP Pool externalIP

    If I go to ipchicken.com it shows the correct external IP.

    Pulling my hair out here. Any ideas?
     
  9. netswork

    netswork Active Member

    Joined:
    Mar 11, 2011
    Messages:
    577
    Likes Received:
    1
    This should resolve your issue:


    If you run into problems with SIP and H.323 traversing your Fortigate firewalls this may be related to the SIP and H.323 session helpers (i.e. proxies). You can tweak them on the command line only. Here is what a typical configuration looks like:

    config system session-helper
    edit 1
    set name pptp
    set port 1723
    set protocol 6
    next
    edit 2
    set name h323
    set port 1720
    set protocol 6
    next
    edit 3
    set name ras
    set port 1719
    set protocol 17
    next
    *** snip ***
    edit 12
    set name sip
    set port 5060
    set protocol 17
    next
    edit 13
    set name dns-udp
    set port 53
    set protocol 17
    next
    end

    To disable the SIP and H.323 session helpers use the following syntax:

    config system session-helper
    delete 12
    delete 3
    delete 2
    end

    Keep in mind to delete session helpers starting at the highest numbered one. Otherwise you may inadvertently delete the wrong session helpers if you are not careful.

    *****

    Update: In FortiOS 3.0 MR6 and above you should also try the following commands:

    config system settings
    set sip-helper disable
    end

    and

    config system settings
    set sip-nat-trace disable
    end
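
Added example, not part of the original post: a Python helper that reads a `config system session-helper` listing in the layout quoted above and builds the delete sequence from the IDs actually present, highest first as the post advises, rather than assuming 12, 3 and 2 apply to your unit. The function names and the sample listing are constructed for illustration.

```python
# Constructed sample in the layout quoted in the post ("set protocol" lines and
# the snipped entries are omitted). Helper IDs are whatever the unit assigned.
SAMPLE_CONFIG = """\
config system session-helper
    edit 1
        set name pptp
        set port 1723
    next
    edit 2
        set name h323
        set port 1720
    next
    edit 3
        set name ras
        set port 1719
    next
    edit 12
        set name sip
        set port 5060
    next
    edit 13
        set name dns-udp
        set port 53
    next
end
"""
VOIP_HELPERS = {"sip", "h323", "ras"}  # the helpers the post removes


def parse_session_helpers(text):
    """Return {id: {setting: value}} for the session-helper block."""
    helpers, current, in_block = {}, None, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "config system session-helper":
            in_block = True
        elif in_block and line == "end":
            in_block = False
        elif in_block and line.startswith("edit "):
            current = int(line.split()[1])
            helpers[current] = {}
        elif in_block and line.startswith("set ") and current is not None:
            _, key, value = line.split(None, 2)
            helpers[current][key] = value
    return helpers


def removal_commands(helpers, names=VOIP_HELPERS):
    """Build the delete sequence, highest ID first as the post advises."""
    ids = sorted((i for i, h in helpers.items() if h.get("name") in names), reverse=True)
    if not ids:
        return []
    return ["config system session-helper", *(f"delete {i}" for i in ids), "end"]
```

An empty result means none of the three helpers is present in the listing, so there is nothing to delete.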
     