Audio thru the teleworker stopped after re IP of the public IP

[bolsen6581]

We have a fairly complex network so i'll try to lay it out as best I can
>40+ locations
>Some sites are on MPLS
>Some sites are site to site VPNs if MPLS isn't available or if it's a smaller office
>2 Datacenters on MPLS
>2 vMCD servers clustered 1 at each datacenter (Running latest MiVoice)
>2 MBG servers 1 at each datacenter (Running latest MSL/MBG)
>2 MSL SIP Proxy servers 1 at each datacenter (Running latest MSL/MBG)
>What vMCD users are setup depends on geographical barrier we've established
>MBG used in rare cases for remote home users or at the smaller sites with VPN's so that the phones aren't using the VPN tunnels for voice
>Mostly Fortinet Firewalls but I am not sure the version they are running
>Teleworker is in LAN mode behind firewall
>Virtual IP's on Firewall perform a NAT to the Private IP on Teleworker

Issue: Teleworker phones boot and connect to teleworker server and vMCD but have lost audio in both directions when calling other extensions internally or when placing calls out on the SIP Trunks

Important: This has been working for over a year through several upgrades and multiple IP changes. We recently changed the public IP on the Firewall and that is when the issue started

Note: On the Firewall it's just a matter of changing an address object which basically filters down automatically to any rules in the firewall or it's just a matter of updating the virtual IP based on my understanding. We also have other apps/web servers setup in this same fashion that are not having issues after the change.

What I've done;
1. Rebooted the Teleworker
2. Cleared the service link and resynced to the AMC
3. Verified the read only fields in the telework are showing the new public IP that was changed on the firewall
4. Verified that the Set side streaming address is the public IP and the ICP side streaming address is the private IP
5. Connected phone to the teleworker and placed a test call both to/from the teleworker phone to both internal/external numbers- Phones ring and connect......just no audio


I am at a loss here because there really isn't anything that needs to change on the MBG and based on what I've done I almost feel it's a software issue with the Fortinet. I am hoping someone has had a similar issue and there is some documented quick trick to fix this. Something documented from either Mitel or Fortinet would be awesome!




-I can explain it to you but I can't understand it for you.

 

[Billz66]

check set side streaming address on MBG

I always set them to custom mode and force internal external addresses

If I never did anything I'd never done before , I'd never do anything.....

 

[bribob]

Clarify this statement please:

Important: This has been working for over a year through several upgrades and multiple IP changes. We recently changed the public IP on the Firewall and that is when the issue started

Does that mean that you've changed the MBG private IP address multiple times and this is the first time you've changed the public IP address of the VIP on the FG?

Have you switched providers in the DC or are you using a different address block with the same provider?

Without rebooting the FG, you can clear all the sessions by specifying the source IP (private IP of MBG) and destination port (WAN). Clear the sessions then repeat by specifying the destination IP (Private IP of MBG) and source port (WAN).
diag sys session filter <filter options>
diag sys session list
diag sys session clear

If you did a provider swap, they might be doing something silly like blocking RTP.. You can also sniff the FG WAN interface to confirm that it is receiving the RTP packets from the Teleworker phone
diag sniff packet <port name> 'host <IP of TW phone> and udp'

If RTP is coming through to the FG WAN interface, repeat the sniff on the FG LAN interface and confirm it's getting through the FG. If it is, sniff from the MBG to confirm it's receiving.

Sorry, can't reference any documentation for you..


-b