IMPORTANT NOTE - If you are sending your voice traffic over a route based IPSec VPN, the WAN interface you'll be referencing will the the name of the VPN interface (for example DCtoSF instead of WAN1).
I put together this list of CLI commands to enter on a Fortigate firewall to give VOIP traffic priority. Some instructions may vary based on your setup, but I took most of these from Fortigate cookbooks and then fixed all the typos. I use the CLI commands because the GUI (my preference) didn't have all the options where they were supposed to be in my test box. I tested this on Fortigate 40C running version 5.0 of the firmware.
config firewall shaper traffic-shaper
edit voip
set maximum-bandwidth 1000
set guaranteed-bandwidth 800
set per-policy enable
set priority high
end
then
config firewall policy
edit 6
set srcintf internal
set srcaddr all
set dstintf wan1
set dstaddr all
set action accept
set schedule always
set service SIP
set traffic-shaper voip
set traffic-shaper-reverse voip
end
Please also note these steps for disabling SIP ALG and other processes to allow VOIP phones behind a Fortigate firewall.
1 comment:
Post a Comment