Sangoma Connect won't register after when using Fortinet/ FortiGate Firewall

truevalueIT · July 31, 2023, 8:47pm

Hello all!
I recently configured and installed my fortinet FortiGate 60F firewall with my pbx system connected on the VoIP interface.

After installation I am now unable to use the sangoma talk app. I have opened the required ports (RTP, 5061, 5060) however, the device fails to register (both locally and externally)

I followed another post which recommended to disable sip ALG (this was also done)

Here are the logs:

2023-07-31T20:40:08.441Z (1690836008441522)
Sip::Registration::onTransportError
Correlation Id: SiphoneUserAgent[104865000]SipUserAgent[104866200]
State: Registering
Retry: No
Error: GENERIC(3): Subcomponent Failure
In ali_net_connection2.cpp:457
ALI-SOCKET(4): Cannot Connect
In ali_net_tls_socket_impl2.cpp:802
Note: Remote Address: xxxxxxxxxxxxxx
TLS-ALERT(40): Handshake Failure (40)
In ali_protocol_tls_client.cpp:1684

2023-07-31T20:40:08.441Z (1690836008441552)
Sip::Registration::setState
Correlation Id: SiphoneUserAgent[104865000]SipUserAgent[104866200]
Current State: Registering
Next State: Error

getCurrentState: return state: Error
REGSTATECHANGED, current=Error
isCommunicationAllowed: network=Cellular
isCommunicationAllowed: effective transport Unspecified
2023-07-31T20:40:08.442Z (1690836008442703)
DialogSubscriptionAgentSeparate::resetDialogEvents_Basic
Reset Type: Soft
Active Subscription Count: 0
Pending Subscription Count: 0
Active:
Pending:

AgentWithRegistration::scheduling reconnect with timeout of 4000 ms
getCurrentRealState: return state: Error
getCurrentState: return state: Error
2023-07-31T20:40:08.442Z
onRegistrationStateChanged, accountId=0GMlnAlCFhX6jnsV
getCurrentState: return state: Error
getCurrentState: return state: Error
isCommunicationAllowed: network=Cellular
isCommunicationAllowed: effective transport Unspecified
getCurrentState: return state: Error
getCurrentState: return state: Error
isCommunicationAllowed: network=Cellular
isCommunicationAllowed: effective transport Unspecified
getCurrentState: return state: Error
getCurrentState: return state: Error
isCommunicationAllowed: network=Cellular
isCommunicationAllowed: effective transport Unspecified

Any help with this would be greatly appreciated.

spioli · July 31, 2023, 10:34pm

Granted that the proper port-forwarding rules are in place, SIP ALG AND SIP Helper need to be disabled.

truevalueIT · August 3, 2023, 3:42pm

Anyone with a Fortinet FortiGate Firewall experiencing this issue?

truevalueIT · August 8, 2023, 1:00pm

UPDATE:

After some digging, I was able to address the issue by switching the transport from tls to udp and it now works. I applied some hardening to the policy. Thank you for your help.

system · August 15, 2023, 1:01pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.