No inbound audio behind Fortinet Firewall

Discussion in '3CX Phone System - General' started by tribeca2007, Apr 11, 2008.

Thread Status:
Not open for further replies.
  1. tribeca2007

    Joined:
    Apr 11, 2008
    Messages:
    1
    Likes Received:
    0
    Hi,

    We are currently having problems with inbound audio or incoming external calls when we use the 3CX PBX behind our Fortigate FG50B so was wondering if anybody has had any success with the 3CX system behind a Fortinet device.

    We are using sipgate.co.uk as a voip provider for our external calls.

    We have a Netgear DG834 Router with ZEN providing our ADSL line

    Everything works OK when the 3CX system is hanging straight out the back of the ADSL Router. Things start to go wrong when we introduce the Fortagte 50B

    We have a static IP address

    We have opened all the recommended ports from 3CX point of view and sipgate's point of view as far as we know.

    We have set up virtual ip's for each port range and added it to the inbound policy

    Ports open inbound are

    5060 UDP
    9000 - 9015 UDP
    7000 - 7500 UDP
    5481 TCP - Management consol
    5004
    10000 UDP

    We have even as a quick test opened all ports on the Firewall TCP/UDP and are still unable to dial in or recieve inbound audio.

    Outbound calls work but with no inbound audio

    We have ensured that the firewall uses a fixed port

    We have also turned off the SIP helper on the Fortinet box using the CLI

    The 3CX Firewall checker does not complain of any issues

    I would be very grateful for any help!
     
  2. tunesteve

    Joined:
    Mar 6, 2013
    Messages:
    1
    Likes Received:
    0
    i have the same problem - any update on this tread
     
  3. geoff.jukes

    Joined:
    Apr 10, 2013
    Messages:
    14
    Likes Received:
    0
    Hi,

    I just had this issue, and solved it by selecting 'Enable NAT' in the Policy.

    Kind regards,

    Geoff
     
  4. alexgosset

    Joined:
    Apr 16, 2013
    Messages:
    6
    Likes Received:
    0
    Hi all,

    On my side, I'm working with a fortigate 60C, OVH as VOIP Provide, and all is working fine.
    I've configured a virtual IP (on fortigate side) for 5060 TCP/UDP , 9000-9049 UDP, 5090 TCP/UDP .
    For info, I get on way audio issue, and it was resolved by setting the Static Public IP (in Settings/network and STUN Server Tab). I've checked "turn off STUN requests" and set my public IP.

    Please try, and keep me informed.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. netswork

    netswork Active Member

    Joined:
    Mar 11, 2011
    Messages:
    577
    Likes Received:
    1
    If you run into problems with SIP and H.323 traversing your Fortigate firewalls this may be related to the SIP and H.323 session helpers (i.e. proxies). You can tweak them on the command line only. Here is what a typical configuration looks like:

    config system session-helper
    edit 1
    set name pptp
    set port 1723
    set protocol 6
    next
    edit 2
    set name h323
    set port 1720
    set protocol 6
    next
    edit 3
    set name ras
    set port 1719
    set protocol 17
    next
    *** snip ***
    edit 12
    set name sip
    set port 5060
    set protocol 17
    next
    edit 13
    set name dns-udp
    set port 53
    set protocol 17
    next
    end

    To disable the SIP and H.323 session helpers use the following syntax:

    config system session-helper
    delete 12
    delete 3
    delete 2
    end

    Keep in mind to delete session helpers starting at the highest numbered one. Otherwise you may inadvertently delete the wrong session helpers if you are not careful.

    *****


    config system settings
    set sip-helper disable
    end

    and

    config system settings
    set sip-nat-trace disable
    end
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  6. netswork

    netswork Active Member

    Joined:
    Mar 11, 2011
    Messages:
    577
    Likes Received:
    1
    Do you have a static IP just for the PBX or only one static IP on your fortigate WAN interface?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Thread Status:
Not open for further replies.