We have a new NEC SV8100 that is behind our corporate firewall that I have having trouble connecting to using an IP phone. The corporate firewall is a Fortigate 200A with virtual IPs mapping the ports needed to the SV8100. NATP is enabled on the SV8100. When testing this configuration I can successfully connect an IP phone from the outside to the phone system. I’ve also tested the configuration with the IP phone behind a Netgear FVG318 firewall with success. I am having trouble connecting the IP phone to our SV8100 when the phone is behind a Fortigate 60 firewall. Here’s the config:
Phone system – NEC SV8100 running 3.12a code
Corporate firewall – Fortigate 200A running 4.0 build 185 (MR1 Patch1)
Virtual IPs mappings: (note: VOIP 1-3 are all using the same public IP address)
VOIP1 -> 192.168.X.40 udp 5080-5081
VOIP2 -> 192.168.X.41 udp 10020-10051
VOIP3 -> 192.168.X.42 udp 10052-10083
Inbound rule from wan2 to internal1
From any to VOIP-Group all ports
Remote Office firewall – Fortigate 60 running 3.00 build 753 (MR7 Patch 9).
SIP helper has been disabled
SIP nat-trace has been disabled
SIP session helper #12 has been deleted
A protection profile for VOIP has been created and added to the outbound rule on the FG60.
When the phone is plugged in it attempts to connect to the SV8100 and eventually errors out with “Cannot contact SIP server” message.