VoIP Mailing List Archives

[john at simlab.net]

Fortinets have a SIP session-helper. Sometime this causes issues,
try turning it off. To do this you need to enable telnet on the
forinet management interface. Telnet into the cli and type the following

config system session-helper
edit 12
set port 5066
end

Instead of turning this off or taking it out I am changing the port
so it will not affect 5060 anymore. This way you can put it back if
this doesn't work for you.
John Bittner
Simlab.net

-----Original Message-----
I have a customer with a Fortinet Firewall that is having stability
issues with Asterisk and SIP endpoints (PAP2T) outside his network.

The first issue I see is that Asterisk sees all phones as the IP
address of the Fortinet. Since the parameter "localnet" defines the
local network and that address falls in that range, how will Asterisk
treat the endpoints? I have "nat=yes" for all phones and
"canreinvite=no" as well. The "externip" parameter is set to the
outside public IP address. Still we have calls with one way audio.

This is the first setup with a firewall that rewrites the IP address of
the endpoint so I do not know how that is affecting the packet flow. On
my other servers I can always see the public IP of the endpoint.

--
Telecomunicaciones Abiertas de M?xico S.A. de C.V.
Carlos Ch?vez Prats
Director de Tecnolog?a
+52-55-91169161 ext 2001

[peder at networkoblivi...]

FYI, I have probably 10 Fortinet units with multiple SIP phones behind
each and all of the phones work flawlessly. As long as the Fortinet is
ver 3.0 or newer, it does NAT so that you don't need to have nat=yes on
*. No pinholes or static nat or anything, it just works.

As a side note, I probably have 20+ Cisco PIX's with the same setup and
they work flawlessly too. I've seen a lot of people saying "fixup sip"
breaks phones, but not that I have seen. I just let the PIX do nat and
it works fine.

Carlos Chavez wrote: