PBX on DMZ Outbound calls work but Inbound Drops after 30 Seconds

rnrstar · March 10, 2026, 10:18pm

I have a Fortigate 60F with FreePBX and is connected to the DMZ.

PBXact 16.0.45

Fortigate v7.2.13 build1762

PBX DMZ IP: 10.10.10.26

Phone subnet: 10.0.90.0/24

IT VLAN Subnet: 10.0.90.0/24

Policies:

DMZ to WAN:

Incoming Interface: DMZ

Outgoing Interface: WAN1

Source: All

Destination: All

Service: All

Action: Accept

NAT: Enabled

IP Pool configuration: Public IP address

Preserve Source Port: Enabled

Policy: IT Subnet to DMZ

Incoming Interface: IT VLAN

Outgoing Interface: DMZ

Source: IT address (10.0.90.0/24)

Destination: PBX Private IP (10.10.10.26)

Service: All

Action: Accept

NAT: Enabled (if disabled, devices on the IT VLAN are not able to communicate with the PBX via HTTPS or SIP)

Problem:

I can make outbound calls without any issues. When I make inbound calls, it works for about 30 seconds before it drops the call. The call drops on the local side but remains active on the inbound device. Typical NAT issue, right? That’s what I thought.
When I disable NAT for the Allow IT to DMZ, it rings on the remote call and goes to voicemail after several rings.

Any suggestions?

Vitaliy · March 10, 2026, 10:29pm

Is sip alg disabled?

TaylorDurden · March 10, 2026, 10:47pm

What does your actual trunk look like? Have you looked at sngrep to examine the headers and options?

Are you using PJSIP trunks?

Rewrite Contact = Yes?

rnrstar · March 11, 2026, 4:18pm

It’s a Twilio Trunk that has been working for years. The two things that changed are replacing the firewall from a Fortigate 60E to a 60F and moving the PBX to the DMZ. Previously, it was on a VLAN.