Asked by danbrown_

Failing ALG SIP test for new VoIP phone system

Hello Experts - I'm preparing my network for a new VoIP phone system from 8x8 and have been running into a problem during testing. One of the tests checks to see if SIP ALG is disabled, and I am continually failing this one with the following error:

Failed to connect to the ALG test server <8.28.0.12:5060> [errno 10060]

I have a 50mb MPLS circuit connected to a Cisco 2820 router from the ISP, which in turn is connected to my Fortinet 90D firewall. The ISP router is supposed to pass all traffic unmolested to my firewall. I looked up commands to disable SIP ALG and ran the following commands per Fortinet support:

#config system settings
#set sip-helper disable
#set sip-nat-trace disable
#end
Reboot the FortiGate device.
Reopen the CLI and execute these commands:
#config system session-helper
#delete 13
#end
Finally, to disable SIP ALG, set SIP ALG mode to kernel:
#config system settings
#set default-voip-alg-mode kernel-helper-based
#end

Despite the configuration update, the test continues to fail. I also tried disabling the Windows firewall entirely on the test machine, but that didn't help. If I connect to a wireless hotspot on my phone, I am able to run the test successfully. I'm stuck at this point and unsure what else I can try here. I have a call scheduled with the carrier this afternoon just to triple check that they aren't doing anything with SIP traffic, and I don't think that will be the case. Any advice is greatly appreciated!
SOLUTION
masnrock
This solution is only available to members.
ASKER CERTIFIED SOLUTION
This solution is only available to members.
Along the path Arne is pointing to. You disabled ALG on the FortiGate.
Connect a system before the FortiGate into the Cisco and test from that side.
That will confirm whether the issue is on the Cisco or between Cisco/FortiGate and FortiGate, based on the typo masnrock pointed out.
Is the Cisco passing a public IP to the FortiGate?
Double check whether you have QoS defined on the Cisco to prioritize voice (SIP, H.323, etc.) over all other traffic, possibly including limiting how much bandwidth non-voice can consume... Same on the FortiGate.
danbrown_ (ASKER)

Ok, thanks guys. I'll plan some downtime so I can put a sniffer between the Cisco and the FortiGate to see if the problem persists.
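
An added example, not part of the original thread: errno 10060 in the error above is the Winsock connect timeout, so this Python sketch separates "the TCP handshake to port 5060 never completed" from "a SIP request was rewritten in transit", and can be run from behind and in front of the firewall as suggested above. The sample SIP message, its addresses, and the assumption that you have an endpoint returning the request as it was received are all constructed for illustration.

```python
import errno
import socket

WSAETIMEDOUT = 10060     # Winsock connect timeout, the errno shown in the post
WSAECONNREFUSED = 10061  # Winsock connection refused

def classify_errno(code):
    """Say what a failed connect() to the test server implies about the path."""
    if code in (WSAETIMEDOUT, errno.ETIMEDOUT):
        return "timeout"   # handshake never completed: no SIP payload was sent yet
    if code in (WSAECONNREFUSED, errno.ECONNREFUSED):
        return "refused"   # something answered with RST: path works, port closed
    return "other"

def probe_tcp(host, port=5060, timeout=5.0):
    """Try a TCP handshake; run once behind the firewall and once in front of it."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "connected"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        return classify_errno(exc.errno)

# Headers and SDP lines that carry the client's own address, which an ALG rewrites.
ADDRESS_FIELDS = ("via:", "contact:", "c=", "o=")

def rewritten_fields(sent, received):
    """Return address-bearing lines of `sent` that are absent from `received`."""
    got = {line.strip() for line in received.splitlines()}
    return [line.strip() for line in sent.splitlines()
            if line.strip().lower().startswith(ADDRESS_FIELDS)
            and line.strip() not in got]

# Constructed sample: what a client sends, and the same request after a NAT ALG.
SENT = ("OPTIONS sip:test@203.0.113.10 SIP/2.0\r\n"
        "Via: SIP/2.0/TCP 192.168.1.50:5060;branch=z9hG4bK-constructed\r\n"
        "Contact: <sip:probe@192.168.1.50:5060>\r\n"
        "Call-ID: constructed-1\r\n\r\n")
REWRITTEN = SENT.replace("192.168.1.50", "198.51.100.7")

if __name__ == "__main__":
    print(rewritten_fields(SENT, SENT))        # unchanged in transit: empty list
    print(rewritten_fields(SENT, REWRITTEN))   # ALG active: Via and Contact listed
```

A "timeout" from `probe_tcp` behind the firewall together with "connected" in front of it points at filtering of TCP/5060 on the firewall side rather than at header rewriting.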