J G
asked on
Are outbound packets being dropped? How can I tell?
I am converting to SIP at a company site. I set up the fortigate 60d identical to another one of our company sites where SIP is already implemented.
The SIP Cloud provider tells me that the firewall is not "passing confirmation packets the phone system (PBX) sends out when it detects an incoming call",
and this is causing their system to transfer the call to our failover number.
I have opened up all requested ports (TCP/UDP etc), configurd policy,and QOS to high priority- everything they suggested, and as I mentioned earlier, it is configured exactly like our other site's fw.
I suspect it is a configuration with one of their servers. In any case, Logging for all events is enabled in the firewall policy. How can I tell if the firewall is blocking/not passing back the confirmation packets they SIp provider mentions?
The SIP Cloud provider tells me that the firewall is not "passing confirmation packets the phone system (PBX) sends out when it detects an incoming call",
and this is causing their system to transfer the call to our failover number.
I have opened up all requested ports (TCP/UDP etc), configurd policy,and QOS to high priority- everything they suggested, and as I mentioned earlier, it is configured exactly like our other site's fw.
I suspect it is a configuration with one of their servers. In any case, Logging for all events is enabled in the firewall policy. How can I tell if the firewall is blocking/not passing back the confirmation packets they SIp provider mentions?
kevinhsieh
Can you sniff the traffic either at the firewall or between the firewall and your ISP?
Are there any differences as to how SIP is implemented at each site? Start there. But then you also should also verify the configuration of the firewall. Sniffing traffic as previously mentioned will also help tremendously. Also look at firewall logs.
it might be useful is the service provider can provide you with a trace from a working site, and a trace from the non working site for you to compare.
Although the service provider is saying that the PBX is "not sending confirmation packets", could it be that the PBX is not seeing the inbound call at all ?
Although the service provider is saying that the PBX is "not sending confirmation packets", could it be that the PBX is not seeing the inbound call at all ?
ASKER
I made a call, the phone rings but voice doesn't go thru and call goes to fail over. I did a wireshark and filtered "SIP"
I see 1 entry,
source ip (SIP Cloud)---> destination ip (PBX), Request: INVIT sip: 8319993600@1xx.xxx.xxx.xxx
So.... Is it safe to say this is a PBX issue? Calls are hitting the PBX (phone rings) but I see no other SIP Protocol outbound entries in the firewall after.
I see 1 entry,
source ip (SIP Cloud)---> destination ip (PBX), Request: INVIT sip: 8319993600@1xx.xxx.xxx.xxx
So.... Is it safe to say this is a PBX issue? Calls are hitting the PBX (phone rings) but I see no other SIP Protocol outbound entries in the firewall after.
Which PBX are you using? If it has logs you may get some clues.
ASKER
ESI, provider says the PBX is responding after he looked at the logs. Is there anyway I can see this in Wireshark?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.