One-X Mobile and Communicator behind Frotinet Firewall

[bluemr2]

I'm trying to install One-X Mobile and Communicator behind a Fortinet firewall. All the correct ports are being forwarded to both the IP Office and One-X Portal server. Both One-X and Communicator are showing correct presence information, but when I make a call, the far end will answer, but the app will continue to ring. I had this working on a Cisco ASA that was out there, but they replaced it with the Fortinet. Any advice?

 

[kyle555]

saw the same with a juniper firewall. It was a sip application layer gateway that's on by default and half works but isn't configured.

If you trace, you'll see IPO sending a 200OK and if you trace from your communicator, you'll never see it get there.

And the firewall guy will say he has no special rules to drop and he'll watch it and see nothing dropped - which is true, he just won't see that it went thru the SIP application layer gateway that dropped it due to it not being configured - which is different than a firewall rule being triggered.

 

[IPOfficeGuru]

We never open the firewall to port forward to the One-X and/or IP500/SIP. Always recommend to use a VPN App on the phone, ahead of the One-X Preferred app. We learned the hard way early on with a customer that did not want to heed our recommendations. They ended up with a hacked system. For the cost of a SSL/VPN license - its well worth it and easier to setup as not NAT/forwarding programming is required on the Firewall.

"Never fear billing a client for services rendered, or they will think your time is worthless"

 

[kyle555]

Well, to be fair, my customer did have remote workers on a SBC for outside stuff. My example was on a site to site VPN for a new branch and involved e129s too. But yea, point well taken