Configuring Fortigate Firewall for VentureTel service

Configuring Fortigate Firewall for VentureTel service

There are issues with the NAT configuration on Fortigate Firewalls, while the Firewall is supported, users with these devices will likely run into the following issues using a phone behind a Fortigate:
Dropped calls
  1. One way or no way audio 
  2. Potential device registration issues
  3. Duplicate SIP Ports and port shuffling

To mitigate some of these issues, Strict Register should be disabled to stop all phones from using a pinhole through port 65476 (external) and 5060 (internal).

Delete SIP Firewall

Access the CLI cosole in the device GUI bu clicking >_ near the upper right hand corner 

  1. In the Command Line Interface (CLI) run the following commands:
    • config system session-helper
    • show

  2. Notice that edit 13 contains SIP.
  3. Enter the following commands:
    • delete 13
    • end

Disable SIP Helper

  1. In the Command Line Interface (CLI) run the following commands:
    • config system settings
    • set default-voip-alg-mode kernel-helper-based
    • set sip-helper disable
    • set sip-nat-trace disable
    • end

  2. Reboot the router using the web GUI under Status, or in the CLI with the following command:
    • execute reboot

Configure Traffic Shaping and VoIP

  1. In the web GUI, go to System > Feature Select > Additional Features.

  2. Toggle Traffic Shaping and VoIP on.
  3. Click Apply.

Disable Strict Register

Strict Register forces VoIP devices through a pinhole at port 65476 and will cause duplicate porting to occur.
To disable this setting run the following command in the Command Line Interface (CLI):
  1. config voip profile
  2. edit "Profile Name"
  3. config sip
  4. set strict-register disable
  5. end

Note: The VoIP profile name can be found under Security Profile -> VoIP. Please note if these settings do not persist through a reboot a factory reset or other troubleshooting steps may be needed on the Fortigate itself with Fortigate support.

    • Related Articles

    • Testing and Understanding Your VentureTel E911 Service

      Importance of Accurate E911 Information Maintaining accurate E911 location information is crucial for prompt emergency response. Always keep your address updated in VentureTel's system. How to Test Your E911 Address Do NOT dial 911 for testing. This ...
    • SonicWall firewall VoIP configuration

      The default firewall settings on SonicWall firewalls may cause issues with VentureTel VoIP traffic.  Some issues you may see are: Problems with phone registrations Dropped calls Phones not ringing One-way audio The TZ400 is an exception to this ...
    • What's the process of moving my phone service to VentureTel

      When you are ready to move to VentureTel, we’ll help you through every step of the process.  Here is the process we typically take once you say “set me up!"  First, we’ll have you register and fill out some paper work online so we can initiate the ...
    • VentureTel e911 Policy

      Summary E911 connects your phone number to your physical address for fast emergency response. You MUST provide VentureTel with your accurate, up-to-date address. Update this information immediately whenever you move. E911 may not work during power ...
    • Configuring Dell Sonic Wall for VentureTel VoIP

      Step 1: Go to VoIP > Settings.  Step 2: Check Enable Consistent NAT, uncheck/disable everything else. Step 3: Click  Accept to save the settings.