If anybody has seen my previous posts, I’m a noob and new to networking and PBX in general. Just bare with me.
We have recently changed over our ISPs and have a new network installed. Went from Comcast to ATT, and from a 192.168.1.0/24 to a 10.1.14.0/24, along with a new Fortigate firewall.
We had a fully configured PBX 100 and switched it over, and everything was going smoothly.
So far, the biggest problem is no audio coming on either end of the calls, and only inbound calls are working. The changes that have been made thus far include:
Appropriate ports are opened and forwarded to PBX (5060, 10000-20000, 84, and 1194 for vpn)
After module/system updates, our Contact IP has changed in SIPStation settings to our internal address, and it says we’re still registered and pass the firewall status.
When pressing ‘Detect Network Settings’ in Asterisk SIP settings, it times out and gets ‘empty reply from server’, so we manually enter it in and it accepts it. (In case this might be related)
SIP session helper and ALG have been disabled on firewall.
firewall has appropriate NAT settings
System version: 12.7.6
PBX version: 14.0.13.6
Fortigate version: 6.0.6
I think that’s mostly it. Please let me know if anybody needs more information.
You know in your other post about this change there was no mention of an existing or new firewall (Fortigate) being used. Which means that when you said you were switch from Comcast to ATT and had to update your LAN network tends to imply that you were getting DHCP from their modem/router.
However, if you had an existing firewall or even were installing this new one that means you have full control over your LAN network and didn’t even need to change it from a 192.168.1.0/24 to 10.1.14.0/24.
Now you have ATT → Fortigate → LAN network so that leads to more questions.
Where is the Layer 3 being done for this? Is the WAN IP on the ATT device or is the WAN IP on an interface on the Fortigate?
What is actually handling the DHCP? ATT or Fortigate?
We control the DHCP from the Fortigate to the internal network, and yes, we didn’t have to change it, but we needed to change it, since we will be connecting networks across an IPSEC tunnel, and we already have a 192.168.1.0/24 network at another location. Having two of those networks will cause problems.
The old network we had with Comcast has a fortigate firewall behind it, but we have installed a newer fortigate behind the ATT modem.
Layer 3 is being done by a Ruckus switch sitting in front of the Fortigate, and connected to the ATT modem. We also have layer 3 ruckus switches behind the Fortigate.
DHCP is being handled by the Fortigate
We are handling the firewall, with a layer 3 ruckus switch in front of it to route to the ATT modem because ATT did not provide a router like they usually do, so we routed it ourselves with the ruckus switch.
I’ve found that with Fortigates, you need to disable SIP ALG if you haven’t already. It can only be done in the CLI on the Fortigate. Also, I’d be sure you’re allowing your RTP ports through your Fortigate.
EDIT: I don’t know how I missed that you already have done this. Ignore me.