Remote Polycom IP phones will not re-register when internet is lost and comes back
Hi,
We have a Polycom SoundPoint IP 350 and a 450 at a remote office that connect to a FreePBX 2.11/Asterisk 11.7 box in our main office. The two sites talk using a site-to-site VPN via our FortiGate 30E firewalls. When the two remote phones register across the VPN, everything works great and there are no problems. However, if the internet goes out at the remote site, which it does often, the remote phones will never try re-registering again. Even restarting the phones by power cycling them does not let them re-register again. The two things I've found that works is to either upgrade OR downgrade the firmware by 1 version, or to restart the firewall at the remote office.
I've updated the firmware on both Polycom phones to the latest versions, applied the latest firmware to both firewalls (we have other remote sites that do not have this issue) and made sure that SIP ALG and VOIP application control are disabled on both firewalls. I can consistently reproduce the issue by unplugging the modem (not the firewall) at the remote site and then plugging it back in. When internet comes back up, the phones will not be registered and will never try registering again until the firewall is restarted or firmware version is changed. I've also played around with registration expiration and timeout settings on the phones, but this doesn't seem to work, either.
I'm thinking this may be a FortiGate firewall issue, but it's strange that my other 3 remote sites (using the same firewalls) do not have this issue. Does anyone have any ideas on things to try?
Thank you
We have a Polycom SoundPoint IP 350 and a 450 at a remote office that connect to a FreePBX 2.11/Asterisk 11.7 box in our main office. The two sites talk using a site-to-site VPN via our FortiGate 30E firewalls. When the two remote phones register across the VPN, everything works great and there are no problems. However, if the internet goes out at the remote site, which it does often, the remote phones will never try re-registering again. Even restarting the phones by power cycling them does not let them re-register again. The two things I've found that works is to either upgrade OR downgrade the firmware by 1 version, or to restart the firewall at the remote office.
I've updated the firmware on both Polycom phones to the latest versions, applied the latest firmware to both firewalls (we have other remote sites that do not have this issue) and made sure that SIP ALG and VOIP application control are disabled on both firewalls. I can consistently reproduce the issue by unplugging the modem (not the firewall) at the remote site and then plugging it back in. When internet comes back up, the phones will not be registered and will never try registering again until the firewall is restarted or firmware version is changed. I've also played around with registration expiration and timeout settings on the phones, but this doesn't seem to work, either.
I'm thinking this may be a FortiGate firewall issue, but it's strange that my other 3 remote sites (using the same firewalls) do not have this issue. Does anyone have any ideas on things to try?
Thank you
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Sure, try it out.
ASKER
Enabling dead peer detection and lowering the key lifetimes has done the trick. Thank you for the help
You got it bro!
ASKER
I think you're right on the VPN timers. The VPN re-establishes, but weird stuff happens, such as peers not reaching other peers randomly across the connection for a short while. I've enabled dead peer detection and lowered the SA key lifetime to 1 hour to see if that helps. I noticed that when I changed this to 8 hours, the phones re-registered after 8 hours of idle time after the internet went down.
Thanks for the ideas. I'll see how this works