One Way VOIP Audio Quick Fix

Hey Guys, my fat butt keeps saying "hosted" when talking about on-prem. That's my bad! What VOIP setups do you run and what types of issues are you running into?

Great video! Your solution is helpful. As an MSP, we often deploy Thirdlane Multi Tenant PBX (hosted) with hardware like Yealink and Cisco (Thirdlane is excellent for MSPs due to their great support and margins). Your fix has significantly aided our techs in resolving audio issues. Thanks!

Oh I had those happen so much... I always did the same solution as the internet suggested like you did here but this is the first time I got some explanation here what's going on. Thanks!

Nice timing, thanks Mike! We just did our cutover this past weekend (6 FGs, FAZ, FMG, and EMS) and I've gotten a few reports of dropped calls from outside callers. We host our Callmanager onsite with SIP trunks coming through (now) the FG 200F so I was just getting ready to start digging into debugging the problem. Now I'm going to follow your suggestion and see if it eliminates the problem.

Thank you very much for this, I deployed an IPSec SD-WAN last week and have been facing a one-way voice issue. I have a hosted YearStar Pbx and phones powered by a cisco 9200 Switch. I hope to do the test tomorrow again and see how it goes. Fingers crossed.

Thanks for making this video. I wish I had seen this about 6 months ago. We went to a Mitel phone system which used a larger number of ports that fall out of the default port range (~10,000 lower from memory) and we had to.change the proxy helper mode after researching the issue for a couple of weeks. I can get the specifics when I'm in the office if you'd like :-)

I love the slogan. :-D
"If (Fortinet) Support was good, I would be broke"

Thanks for possible I have seen this issue before. Thanks for one solution to try .

Thank you. helped also a lot on a hosted pbx and a fortigate with os 7.0.0. we had some difficulties with the quality in the first 5 seconds of the connection. This advice solved this. Great.

if you are using a Panasonic system KX-NS and up. Take off the h323, the mgcp and the sip

Bro thanks this video 100% worked for me. I’m a voice guy. Thanks again

When I was working for VoIP PBX manufacturer as support we often recommended either disabling or enabling SIP ALG, most of the time disabling it. Another thing would be double NAT due to poor quality of local ISPs (often those were smalls wisps) or due to client using LTE router with their own second router but no bridge, where double NAT came from.

Thanks, please also create the (promised) more involved/detailed video about fortunate & voip. Best regards!

Couple of extra settings that have helped me with VOIP issues are
config system settings
set sip-nat-trace disable
set sip-help disable (Setting was removed in 6.2 onwards *i think*)
end
config voip profile
edit default
config sip
set status disable
end
end

Been there done that with ALG. Nice Tenable shirt also.

Hi, I have a freeppx behind Fortigate, I did port forwarding though I have no audio whatsoever!

I really like this video!!! help me to fix all my voip issues with fortigate

Can confirm, this will fix this issue and sip drops with nec PBX systems. Specifically the sv8500 and sv9500 systems. They both will get really intermittent performance with the alg set to proxy. Deleting the session helper was necessary too. I ran into this a little over a year ago and it drove me up a wall.

Have a on prem pbx looks to be using port 10000. Session helper was kernel based and session 13 was already cleared. Seeing latency and jitter on internal and external calls. Also on a side note I have a third party nms that’s showing broadcast storms on my fortilink vlan. These are used of course as uplink but I feel it may also impact voip quality

Please upload a video of Link aggregation between Cisco Meraki switches and Fortinet Firewall

Those should be the default config of the Fortigate. Whenever a customer tell me that he will be running SIP throught the network, I change those options.

Can you tell some troubleshoot steps for ghost calls.
We used custom ports instead of 5060

Testing many times it works !

I'm looking to stand up some sort on an on prem pbx like asterix or something like that with a couple of phones. Would like to see what you put up in your lab.

It Will be great to fix an issue with a Panasonic KX-NS700 and no-way audio
Recently moved from the PFsense to Fortigate 7.0.1
In PFsense there were just port-forwarding rules to make phones works
UDP 2727,9300 -> int. PBX IP - it is for signalling, allow phones to be registered
UDP 16000-16511 -> int. PBX SUBCARD IP - actually voice streaming
Created the same VIPs and policies in Forti, got phones successfully connected and registered, phones are able to dial int and ext phone numbers but there is no sound at all.
Fix from this video does not resolve my issue.
Any thoughts on how to fix it?

I have issues with wifi calling at home -- nothing custom, but I get audio cut off in and out. sounds like packet drops where voice just fades away and drops off here and there. something tells me I need QoS setup for this.

Seeing this issue with one of our deployments. 3 offices and a colo facility. Offices had sonicwalls and MPLS and everything worked fine. Replaced office sonicwalls with Fortigates (colo is still a sonicwall) and seeing one way audio issue with our SIP conference phones. If user calls any ext within an office from SIP conf phone everything is fine. Issue happens only when calling another office extension from SIP conf phone where we get one way audio. Outside calls from SIP Conf phones is fine as well. Using Mitel system. The conference phone model is UC 360 if that helps. Tried setting the mentioned settings on all of the office Fortigates. Issue persists. The PBX is located behind the Sonicwall at the colo facility. Any ideas?

Hi There, would be interested to know how you resolved this issue with a PBX hosted on premise using custom sip ports? Thanks.

Hi Mike, how are you?, do you have any video about QoS?... i want configure it for SSL-VPN connection and prioritize the quality for Microsoft teams and zoom meeting

Hello, how do I configure my VOIP telephony in fortigate version 7.0.5? I can't configure!

Hi Mike, I disabled the SIP-ALG but the customer is still experiencing the issues as they hosted a JIVE cloud PBX and was advised to enable the NAT Keep-alives and to increase SIP UDP timeouts to a minimum of 90 sec. However, their recommendation would be 300 seconds or longer. ( If the UDP timeout is set to lower, not receive any incoming calls and all calls will be directed to the vociemail )
But I checked that the UDP idle timer is set to 180 seconds.
Can you please advise me on this?

Thanks mike great video. Question
Where can I find info regarding the recommended users per each firewall. For example. On the 60F the max recommended users is X.
Not sure if this is a thing with fortinet but it’s on my correct vendor and I don’t like it at all. One of the reason why I’m moving away from them.

Hello, Have you had any audio issues with Grandstream GRP 2615 phones using Fortinet Firewall and switches? Do we need to make any changes on the FortiGate switches or the IP Phones?

dear mike,
please i am having issue with SIP VOIP on fortinet,
i have followed the tutorial and disable the alg sip and switched to kernel mode but still the call center are not receiving calls.
please what do i do?

I've got another question for you. Why does one need appliances to enable security? Shouldn't it be possible that it's all just software and maybe even cloud-based? E.g. Barracuda is rolling out cloud-based SD-WAN, why wouldn't that happen with anything security related going forward?

Dear kindly i need your help find the below Cisco cme configuration my question is when i call from 300 extension to 307 it should be both SIP and sccp phone ring together
voice register dn 3
number 307
voice register pool 3
id mac ABCD.13AD.1306
number 3 dn 3
ephone-dn 2 dual-line
number 307
ephone 2
device-security-mode none
mac-address C062.6B62.7D57
type 7942
button 1:2

hi i currently have GAMMA sip trunks and they basically 'lock out' and i cant make or receive calls to the on site pbx. If i reset firewall it comes to life and works fine as long as calls are being processed. When the system becomes idle the lines 'lock up' again. i have removed SIP ALG but the 'pinhole' to keep alive keeps on closing, do you have any help or advice

I have an on prem Voip System on a separate Vlan with the Fortigate in between. I have 3-4 phones out of 200 that gets one way audio could this help or would everyone get one way audio?

Hi, do you know if there is a problem with this fix if „Central NAT“ is used?
Thanks a lot.

iam ne to that but all service are ok olny pbx i cant reach though fortinrt firewall

Cool.

Hello Guru, I do not have personal access to the internet router/modem - will I be able to disable SIP ALG? Clients cannot hear me on one app (one-way audio), and on another app, calls are oftentimes dropping... It's getting crazy over here. I was told to disable SIP ALG in order to resolve the issue, however, I am currently tethering a phone data plan to my MAC to work from home (will not have router access/private internet for a few weeks more) - thanks, man!

Do I need a reboot after this?

i use pbx out of my office and when i open by http iget it but my extention cant connect my firewall fortinet 100f am new in fortinet

Hi, thank you for the video. I have another issue: when using sd-wan with dua-home ISP and primary link goes down the Voip phones stuck on No service for two minutes due to session table pronlem. Do you have any solution for that? Thank you!

Hello sir I need some practices tool software for configure fortingate firewall please help

But how does voip works if pbx is on cloud and ip phones have private ips behind fortigate ? Disabling alg or session helper would block incoming traffic.

Do you have a "default config" you use for ensuring your whole network is set up for VOIP traffic (ie. 1 universal config for any VOIP provider) or do you set each vendor up differently? Would love to understand the process (not just learn the steps) of setting your network up with the best possible VOIP settings from FortiGate to FortiSwitch to FortiAP.

We have Cisco phone system when first installed FortiGate we changed both of these settings and have had no issues. But after upgrading from 6.2.6 (with no issues) to 6.4.3 and also attempted 6.4.4 we have had issues. Most issues are a normal working call droppes to one way audio. The other end can't hear us. We have our Cisco phone system in house. Our SIP provider tells us we are dropping packets. Bandwidth, CPU all looks good no issues. Even contacted ISP no issues. Multiple calls to Fortigate is not getting my anywhere. We do have SD wan and thought that was is but forced SIP to only use one port and still no go. Any suggestions? We have a 301E. Last step is to setup span ports and record traffic on a few laptops for a day and see if I can find any packets that are not getting passed on.

I disable ALG as a rule if voice is involved on the LAN

It keeps giving me command error??

Would this possibly help with an issue where users VOIP from a Jabber smart phone has a bit of delay from their SSL VPN connections? I've found this delay is enough for most users to give up and switch to just forwarding calls to their cells. I thought maybe this was just poor enough internet connection that the latency is noticeable but do you think this setting could be related?

I have another issue, incoming calls drop after 30 seconds using FG200E, have you any video about this, please?

Hi
Disabling sip alg
Still getting one way audio on ip phones from time to time.
Using on prem lg pabx registered to sip server via fg100e.
Using custom sip ports for rtp.
Any suggetions ?

1/100 is a lot of complaints.

Other then your boldness saying that ALL Fortinet support sucks (honestly it is hard to find good and loyal talent BUT I know first hand Fortinet puts 200% into vetting the best it can get in a very competitive market of limited talent)...this is a VERY long winded way of getting to the point. I have been supporting the Fortinet phone system since Talkswitch days (9 plus years) so I am kinda an authority on this. If I was allowed to make support videos for Fortinet products (conflict of interest and all that) I would give you an example of a better explanation. Either way your technical is on point but your 'getting to the point' needs bit of fine tuning. Cheers and all the best in your ventures.

Uh for y’all’s non techs wth is he saying??? I need help!!

👍