Configuring Fortigate Firewall for VentureTel service
There are issues with the NAT configuration on Fortigate Firewalls, while the Firewall is supported, users with these devices will likely run into the following issues using a phone behind a Fortigate:
Dropped calls
- One way or no way audio
- Potential device registration issues
- Duplicate SIP Ports and port shuffling
To mitigate some of these issues, Strict Register should be disabled to stop all phones from using a pinhole through port 65476 (external) and 5060 (internal).
Delete SIP Firewall
Access the CLI cosole in the device GUI bu clicking >_ near the upper right hand corner
- In the Command Line Interface (CLI) run the following commands:
- config system session-helper
- show
- config system session-helper
- Notice that edit 13 contains SIP.
- Enter the following commands:
- delete 13
- end
- delete 13
Disable SIP Helper
- In the Command Line Interface (CLI) run the following commands:
- config system settings
- set default-voip-alg-mode kernel-helper-based
- set sip-helper disable
- set sip-nat-trace disable
- end
- config system settings
- Reboot the router using the web GUI under Status, or in the CLI with the following command:
- execute reboot
Configure Traffic Shaping and VoIP
- In the web GUI, go to System > Feature Select > Additional Features.
- Toggle Traffic Shaping and VoIP on.
- Click Apply.
Disable Strict Register
Strict Register forces VoIP devices through a pinhole at port 65476 and will cause duplicate porting to occur.
To disable this setting run the following command in the Command Line Interface (CLI):
- config voip profile
- edit "Profile Name"
- config sip
- set strict-register disable
- end
Note: The VoIP profile name can be found under Security Profile -> VoIP. Please note if these settings do not persist through a reboot a factory reset or other troubleshooting steps may be needed on the Fortigate itself with Fortigate support.
Related Articles
Testing and Understanding Your VentureTel E911 Service
Importance of Accurate E911 Information Maintaining accurate E911 location information is crucial for prompt emergency response. Always keep your address updated in VentureTel's system. How to Test Your E911 Address Do NOT dial 911 for testing. This ...SonicWall firewall VoIP configuration
The default firewall settings on SonicWall firewalls may cause issues with VentureTel VoIP traffic. Some issues you may see are: Problems with phone registrations Dropped calls Phones not ringing One-way audio The TZ400 is an exception to this ...What's the process of moving my phone service to VentureTel
When you are ready to move to VentureTel, we’ll help you through every step of the process. Here is the process we typically take once you say “set me up!" First, we’ll have you register and fill out some paper work online so we can initiate the ...VentureTel e911 Policy
Summary E911 connects your phone number to your physical address for fast emergency response. You MUST provide VentureTel with your accurate, up-to-date address. Update this information immediately whenever you move. E911 may not work during power ...Setting Up Linphone on Your Mobile Phone
Linphone is a free, open-source app that lets you make voice and video calls over the internet using your phone's data or Wi-Fi connection. This guide will walk you through setting up Linphone on your mobile device. Download and Install Linphone ...