Wednesday, August 27, 2014

Configuring VOIP priority on a Fortigate firewall

IMPORTANT NOTE - If you are sending your voice traffic over a route based IPSec VPN, the WAN interface you'll be referencing will the the name of the VPN interface (for example DCtoSF instead of WAN1).


I put together this list of CLI commands to enter on a Fortigate firewall to give VOIP traffic priority.  Some instructions may vary based on your setup, but I took most of these from Fortigate cookbooks and then fixed all the typos.  I use the CLI commands because the GUI (my preference) didn't have all the options where they were supposed to be in my test box.  I tested this on Fortigate 40C running version 5.0 of the firmware.

config firewall shaper traffic-shaper
edit voip
set maximum-bandwidth 1000
set guaranteed-bandwidth 800
set per-policy enable
set priority high
end


then

config firewall policy
edit 6
set srcintf internal
set srcaddr all
set dstintf wan1
set dstaddr all
set action accept
set schedule always
set service SIP
set traffic-shaper voip
set traffic-shaper-reverse voip
end


Please also note these steps for disabling SIP ALG and other processes to allow VOIP phones behind a Fortigate firewall.

1 comment:

Unknown said...
This comment has been removed by a blog administrator.