Inbound calls on SIP Trunk work about 50% of the time (behind firewall) 1

[dsm600rr]

Hello all,

I have a new client on our SIP Trunk and he is now reporting issues were about 1/2 the calls will ring into the office, and 1/2 will ring on his cell phone (SIP Trunk Failover)

All outbound calls work.

Now, I am assuming this is probably Firewall Related, however just looking for some ammo when I go to the clients tomorrow with the Firewall Admins. Of course they are saying its not the Firewall and it must be the IPO.

Their Firewall is a FortiGate 60F

Thoughts?

ACSS

 

[pccsipoffice]

I have a few thoughts.
Do not rely on someone else to configure the Firewall for SIP most don't know or don't care.
Step one, get the customer to give you the firewall login and password.
Step two do an internet search of the sip settings for the specific fire wall with or without your specific SIP carrier.
Step three if you are skilled at firewall settings do the changes yourself but remember to reset the power to the router
after you make changes.
If all else fails and you are confident in a "different" firewall or router that you know how to work with have them
put a new one in that works.
Hope that helps.
One more thing, always set up the ip office and test it before making a cut over to the new sip lines. This really
help you out of these sticky situations.

http://WWW.MC-COMMUNICATIONS.NET

 

[dsm600rr]

I ended up adding in 44sec to the Binding Refresh Time and on my tests, 100% of the calls worked.

This client was kind of an interesting situation. We installed his IPO and SIP Trunk 6mo ago. Because of COVID he just now opened his business and thats then the issue was found.

When we tested 6mo ago, there were no issues. Not sure if something was updated on their Firewall in that time, and if so they will never admit it anyway, so I didn't even ask.

ACSS

 

[nnaarrnn]

Step one, get the customer to give you the firewall login and password.

Just throwing out there that this isn't always possible. Almost all of our Managed Services clients choose to HaaS all of their hardware; meaning they don't have access to the firewall, as they don't own it. We do.

Step three if you are skilled at firewall settings do the changes yourself but remember to reset the power to the router
after you make changes.

What? Why? If you have to reset power to a router after a change, you need a different router. (We're talking about firewalls, but your context seemed to interchange the two terms)

If all else fails and you are confident in a "different" firewall or router that you know how to work with have them
put a new one in that works.

Fortigate is pretty awesome. The only other options in that class would be a SonicWall, Sophos, or a Palo Alto.

If a phone tech is in this predicament, and whoever manages the firewall isn't helpful or knowledgeable, then the phone tech needs to get their own firewall and WAN IP address to have whoever manages the network to route the voice vLAN through the different firewall TEMPORARILY to prove whether or not its the existing firewall causing the problems. Then everybody can work together to find a solution.