Fortigate 60B + Voip

robfantini
Posts: 62
Member Since:
2007-08-01

Hello
Is anyone using this unit?

I am having a hard time getting it working.....

I have a dual-wan setup.

voip setup is wan1 > internal > 192.168.1.17

I have 'Virtual IPs' set up for 5060 TCP and 10000-20000 UDP.
And a 'Policy' for these VIPs with high priority.

If anyone has this unit setup correctly, could you share your VIP and Policy setup? And any tips?

thanks
Rob



SchlingBlade
Posts: 114
Member Since:
2007-11-29

I'm running VoIP through several 1000A units in transparent mode (no SIP inspection), and a 50B in NAT mode to a server on the internet. Nothing special required so far.

I have not tried running a server behind a FortiGate unit (on an internal/private network).

Make sure you are running the latest firmware on the FortiGate. I've had problems with SIP in the past during testing with the older firmware versions.

Would it be possible for you to allocate a whole IP address for the machine? That way you could set up one Virtual IP to direct all traffic to the internal IP (static NAT), and not have to deal with setting up port forwarding rules.



robfantini
Posts: 62
Member Since:
2007-08-01
yes I could give

Trixbox its own i/p address.

In that case I'd put it on the DMZ?
Do you know where transparent mode is set ?



robfantini
Posts: 62
Member Since:
2007-08-01
I see that I can not use

transparent mode, as the entire device is either NAT or Transparent..

I'd need 2 units to do that.

the other option would be to connect Trixbox directly to the cable modem and give it 1 of the 5 fixed i/p addresses, then use a separate i/p address for the fortigate.
but that is not the most secure way to do things...



robfantini
Posts: 62
Member Since:
2007-08-01
also

I currently have Trixbox running behind PFSense .. I am checking out Fortigate as I thought it would be easier to use for 1- a dual lan 2- support. My assumptions may have been wrong.

Is anyone using Fortigate in NAT mode with Asterisk?



SchlingBlade
Posts: 114
Member Since:
2007-11-29

If you have a support plan through Fortinet, I'd hit their support forums. Lots of people who are running VoIP for office environments hang out there, and may be able to help with your configuration.

All of our SIP phones are behind a NAT, FWIW. Fortigates are in NAT mode for the networks that host our SIP phones.



ChrisVanBalen
Posts: 48
Member Since:
2007-05-22

Hey there,

We run a fortigate 50B router at our office, with a trixbox server behind NAT. Ports 5060, and RTP 10000-20000 are forwarded to trixbox. No other configurations necessary, and it works great!



robfantini
Posts: 62
Member Since:
2007-08-01
to ChrisVanBalen

could you give me some more info:
- what is your setting at: System>Config>Operation ? [ NAT or Transparent]

- at Firewall>Virtual IP:
do you have 10000-20000 setup there? if so UDP or TCP?

- for Policy, do you use NAT or not?

any other info you could think of please post..
thanks
Rob



pfn
Posts: 43
Member Since:
2007-11-29
Did anyone get this working

I am switching over to a fortigate 60 and can not get it working either. I thought it would be best to put my Trixbox into the DMZ network along with my phones. Please take a look at my network and config settings in the diagram link below; any information on this setup would be appreciated.

http://jman76.fileave.com/fortigate.jpg



beaudettee
Posts: 57
Member Since:
2007-05-02
FG100A

Chris VB:
Are you using any external SIP phones in your config? I have a dozen or so internal SIP phones (Aastra/X-lite softphones) that all communicate fine inside the firewall and can call outbound via my Voicepulse trunk; however, I am having issues with my remote SIP phones passing audio. The remote x-lite clients register fine and I have ports 5060 and 9710-20000 open to the txboxpro system via a VIP, but a sniff of the traffic showed the remote clients passing their private IP, so my router has no idea where to send the packets. The sad part is this was all working great when I had my Adtran F/W in place but needed the dual WAN capability.

Please let me know. This is starting to wear on me as the FG folks said their box was fully SIP ready. I am finding otherwise.



Michiel_peeters
Posts: 1
Member Since:
2009-06-30
system session-helper

We've been having a lot of problems with Fortigates and SIP.
The Fortigate is messing with SIP traffic.
After some research we finally got a solution.

In the CLI of the Fortigate type the following:
config system settings
set sip-helper disable
set sip-nat-trace disable
end

Reboot the device.
In the CLI type the following:
config system session-helper
show
(now look for SIP, mostly it will be "12")
delete 12
end

Don't use any protection profiles on the firewall of the sip rules.

We solved the no sound problem, bad sound problem
You're done,

Ok. You're done


