[asterisk-users] NAT issue with Fortinet Firewall
John Bittner
john at simlab.net
Fri Apr 11 19:00:30 CDT 2008
Fortinets have a SIP session-helper. Sometime this causes issues,
try turning it off. To do this you need to enable telnet on the
forinet management interface. Telnet into the cli and type the following
config system session-helper
edit 12
set port 5066
end
Instead of turning this off or taking it out I am changing the port
so it will not affect 5060 anymore. This way you can put it back if
this doesn't work for you.
John Bittner
Simlab.net
-----Original Message-----
I have a customer with a Fortinet Firewall that is having stability
issues with Asterisk and SIP endpoints (PAP2T) outside his network.
The first issue I see is that Asterisk sees all phones as the IP
address of the Fortinet. Since the parameter "localnet" defines the
local network and that address falls in that range, how will Asterisk
treat the endpoints? I have "nat=yes" for all phones and
"canreinvite=no" as well. The "externip" parameter is set to the
outside public IP address. Still we have calls with one way audio.
This is the first setup with a firewall that rewrites the IP address of
the endpoint so I do not know how that is affecting the packet flow. On
my other servers I can always see the public IP of the endpoint.
--
Telecomunicaciones Abiertas de México S.A. de C.V.
Carlos Chávez Prats
Director de Tecnología
+52-55-91169161 ext 2001
More information about the asterisk-users
mailing list