SIP Trunk, Firewall remapping ports 1

[dsm600rr]

Hello all,

I am in the process of setting up a Demo SIP Trunk for a customer and the firewall guy seems to be having some issues figuring out what is going on so I thought I would consult with the Gurus here.

IPO is sending out on port 5060, however the SIP Provider is seeing the ports being remapped from 5060 from the Firewall. He said SIP ALG is disabled.

2020-11-03 12:48:58 -0500 : 65.31.XXX.XXX:65476 (Firewall) -> 104.219.XXX.XXX:5060 (SIP Provider)
REGISTER sipursipprovidor.com SIP/2.0Via: SIP/2.0/UDP

They have a fortinet fwf60

Thoughts?


ACSS

 

[janni78]

In Fortigate there should be an option to "Preserve Source Port" on the NAT settings for the policy.

"Trying is the first step to failure..." - Homer

 

[janni78]

Also, have they turned off ALG manually?

Otherwise it is enabled per default in Fortigate and you either delete the ALG rule or define a specific for the SIP trunks to not use ALG.

"Trying is the first step to failure..." - Homer

 

[dsm600rr]

janni78: I will find out tomorrow - much appreciated.

ACSS

 

[icet500]

Do you have issue registering the sip trunk? most of the provider would not care of your source port but double check with them.

Also you can search for static nat or one-to-one nat for your firewall. I am sure you will find one.
or try what janni78 suggested.