Can't transfer FreePBX calls over VPN from Polycom phone using Fortinet firewalls.

OAC Technology
OAC Technology used Ask the Experts™
on
Hi,

We recently replaced our Cisco firewalls with Fortinet firewalls. The firewall at the site having the problem is a FortiGate 30D. The firewall at our main site is a FortiGate 70D. They are connected via Site to Site VPN. All traffic is allowed to pass between sites. We have a FreePBX Asterisk system at our main site (behind the 70D) and the phones there work just fine. However, we have a remote Polycom VVX410 at the site with the 30D which connects through the VPN to our FreePBX system. When that phone picks up an incoming call and tries to transfer it, the call gets stuck in a perpetual hold and it can no longer be accessed. That phone can also no longer see the BLF lights when other users are on the phone. These all worked prior to putting in the FortiGate.

I have disabled SIP-helper, sip-nat-trace and RTP on the FortiGate and reboot with no change. What can be done to get this phone working properly again?

Thank you
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Does it happen when the remote user first presses the TRansfer key, or once it completes and presses transfer the second time?
OAC TechnologyProfessional Nerds

Author

Commented:
I'll have to double check on that. I know that the BLF lights on the phone are also greyed out and do not work.
OAC TechnologyProfessional Nerds

Author

Commented:
As for transferring, when he pushes the transfer button and dials an extension, he gets a message that states "transfer failed." And then the call is still listed on his phone, but he cannot pull it back. The phone rings at the person's desk where the call was transferred, but all they hear is hold music when they pick up the call (or silence). Then the call is lost in a black hole until they hang up.
Learn SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

Its a complicated behavior mostly due to the vendor specific way of handling the transfer, to which I am not very related with.

I guess if you can debug the asterisk (core set verbose 9 / core set debug 9 / sip set debug on) plus collect a sniffer trace from the IP Phone, I might be able to help you decode what is happening at both ends. You may want to inveestigate if the Polycom device has logging of its own to help clarify.
To me it sounds as if some SIP signal is getting dropped somewhere, taking into account the new firewalls, and that is causing the phone to hang.
Professional Nerds
Commented:
It looks like this has been resolved. I used the following in the FortiNet CLI:

config system settings
set sip-helper disable
set sip-nat-trace disable
end
config system session-helper
show
(Locate the SIP entry number)
delete #   (where # is the SIP entry number)
config voip profile
edit default
config sip
set rtp disable
end
(reboot the device)

After the device restarted, we restarted the phone and everything worked.

Thank you
OAC TechnologyProfessional Nerds

Author

Commented:
Found solution

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial