Fortinet white logo
Fortinet white logo

FortiVoice Phone System Administration Guide

Working with FortiVoice profiles

Working with FortiVoice profiles

The Phone System > Profile tab lets you create user privileges and SIP profiles for configuring extensions and SIP trunks. It also allows you to modify caller IDs, schedule the FortiVoice unit, and configure phone and LDAP profiles.

This topic includes:

Configuring SIP profiles

Configure the supported phone features and codecs and apply them to the extensions and SIP trunks.

Note

Communicate with your VoIP service provider because the profile settings are subject to the capabilities of the VoIP service provider. For example, if some of your features and codecs are not supported by your VoIP service provider, they will not work even if they are enabled or selected in the SIP profile.

The default SIP profiles can be edited but cannot be deleted.

For information on extensions, see Configuring Extensions.

For information on SIP trunks, see Configuring Trunks.

To configure a SIP profile

  1. Go to Phone System > Profile > SIP and click New.
  2. Configure the following:

    GUI field

    Description

    Name

    Enter a name for this profile.

    DTMF

    Select the dual-tone multi-frequency (DTMF) method used by the VoIP provider. Options are RFC2833, Inband, and Info.

    Keep alive

    Enable and enter the time interval in seconds for the FortiVoice unit to talk to the SIP server of your service provider to keep the connectivity and check its capability.
    Keep alive value must be between 30 and 600.

    NAT

    Select if the VoIP service provider supports SIP NAT translation.

    T.38

    Select if the VoIP service provider supports fax over VoIP network.

    Transport

    Transport: SIP commonly uses TCP or UDP port 5060 and/or 5061. Port 5060 is used for non-encrypted SIP signaling sessions and port 5061 is typically used for SIP sessions encrypted with Transport Layer Security (TLS).

    Enable the protocols as required.

    This option, if applied to a user, overrides the system-wide transport settings . For more information, see Configuring SIP settings.

    Secure RTP: Select to provide encryption, message authentication and integrity, and replay protection to the FortiVoice Real-time Transport Protocol data.

    Codec

    Select the audio and video codecs supported by the VoIP service provider. Among the selected ones, choose the preferred one for the VoIP provider. The preferred codec is usually the most used one in your area and provides the best quality of communication.

    If your preferred codec is different from that of your VoIP service provider, the service provider’s codec will be used as long as it is one of your supported codecs.

  3. Click Create.

Modifying caller IDs

You can change the phone number, caller’s name, or both that will appear on the destination phone.

Caller ID modifications are used when configuring dial plans. For more information, see Configuring Call Routing.

To modify a caller ID

  1. Go to Phone System > Profile > Caller ID Modification.
  2. Click New and configure the following:

    GUI field

    Description

    Name

    Enter the name for this caller ID modification record.

    Match number

    Enter the extension number or number pattern you want to modify.

    For example, you can enter 8134 to modify a single extension, or 81xx to modify all the four-digit numbers starting with 81.

    Number Modification

    If you have entered a number or number pattern in Map to new number field, configure the following values to modify it:

    • Strip: Enter a number to hide the starting part of an extension from displaying. 0 means no action.
    • For example, if your Match number is 8134 and Strip is 2, only 34 will be displayed as caller ID.

    • Truncate: Enter a number to hide the ending part of an extension from displaying. 0 means no action.
    • For example, if your Match number is 8134 and Truncate is 2, only 81 will be displayed as caller ID.

    • Prefix: Add a number before an extension.
    • For example, if your Match number is 8134 and Prefix is 5, the caller ID will be 58134.

    • Postfix: Add a number after an extension.
    • For example, if your Match number is 8134 and Postfix is 5, the caller ID will be 81345.

    Match option

    Select the way to match a call with caller name and number in order to modify call number or caller ID.

    • Match Number or Name: If the number is matched, modifications will be done based on Number Modification configuration. If the name is matched, modifications will be done based on Map to new caller ID name configuration.
    • Match Number then Name: If the number is matched, modifications will be done based on Number Modification configuration. If both the number and name are matched, modifications will be done based on Map to new caller ID name configuration.
    • Match Name then Number: If the Name is matched, modification will be done based on Map to new caller ID name configuration. If both the name and number are matched, modifications will be done based on Number Modification configuration.
    • Match Number and Name: If both the number and name are matched, modifications will be done based on Number Modification and Map to new caller ID name configurations.

    Match caller ID name

    Enter the caller ID that you want to map to another one.

    Caller IDs are created when configuring SIP extensions. See Configuring IP extensions.

    Map to new caller ID name

    Enter the new caller ID name that you want to map to the one entered in the Match caller ID name field.

    Block caller ID

    Select to stop your caller ID from displaying on the destination phone.

  3. Click Create.

Mapping a group of extensions to a caller ID name

If you want to map a group of extensions to a caller ID name, you can use the pattern for the extensions to do so.

For example, if you have a technical support team that has 10 extensions (8100-8110), instead of displaying each extension when making calls, you can just display one caller ID name “Support” for the whole team.

To map a group of extensions to a caller ID name

  1. Go to Phone System > Profile > Caller ID Modification.
  2. Click New.
  3. In the Match new number field, enter the pattern of the extensions, such as 81xx.
  4. In the Match option field, select Match Number or Name.
  5. In the Map to new caller ID name field, enter the caller ID name to which you want to map, such as “Support”.
  6. Click Create.

Configuring phone profiles

Phone profiles contain the phone configurations that are mostly used and customized, such as the programmable phone keys. Phone profiles make extension configuration more flexible because phone users are allowed to choose the profile they want. In addition, any changes the administrator makes to a profile is automatically applied to the extensions that use the profile. For more information, see Configuring IP extensions.

The phone profiles configured here appear as Admin defined profiles when you configure a SIP extension.

To configure a phone profile

  1. Go to Phone System > Profile > Phone.
  2. Click New and configure the following:

    GUI field

    Description

    Name

    Enter a name for the profile.

    Phone model

    Select a phone model for the profile.

    Time format

    Select the time display format on the phone.

    North American: mm/dd/yyyy

    International: dd/mm/yyyy

    Phone book

    Select Local only to include the phone directory on this FortiVoice unit, and Global to include the phone directories of any remote FortiVoice units connected to this unit.

    For information on phone directories, see Viewing call directory.

    Phone language

    Select the language display on the phone.

    Description

    Enter any notes you have for this profile.

    VLAN

    You may need to deploy phones using the existing IT infrastructure which only has one network drop for each employee. The network switch supports 802.1Q VLAN tagging and LLDP-MED. Some phones such as FortiFones have two network ports: LAN and PC. The recommended solution is to connect FortiFones to the switch using LAN port and connect the computer to the PC port of FortiFones. VLAN tag needs to be enabled to segregate FortiFone voice network and PC data network.

    Option

    If you select Manual, configure the following:

    Enable VLAN tagging for voice: Select to enable VLAN tagging to segregate FortiFone voice network and PC data network.

    Voice VLAN ID: Enter your organization’s VLAN ID for voice.

    Priority for voice: Enter the traffic service level recommended by the IEEE. Each number represents a traffic type. The range is from 0-7, with 7 being the highest.

    • 0: Background
    • 1: Best Effort
    • 2: Excellent Effort
    • 3: Critical Applications
    • 4: Video, < 100 ms latency and jitter
    • 5: Voice, < 10 ms latency and jitter
    • 6: Internetwork Control
    • 7: Network Control

    Enable VLAN tagging for data: Select to enable VLAN tagging to segregate PC data network and FortiFone voice network.

    Voice VLAN ID: Enter your organization’s VLAN ID for data.

    Priority for data: Enter the traffic service level recommended by the IEEE. Each number represents a traffic type. The range is from 0-7, with 7 being the highest.

    • 0: Background
    • 1: Best Effort
    • 2: Excellent Effort
    • 3: Critical Applications
    • 4: Video, < 100 ms latency and jitter
    • 5: Voice, < 10 ms latency and jitter
    • 6: Internetwork Control
    • 7: Network Control

    If you select LLDP (Link Layer Discovery Protocol), the FortiVoice unit automatically generates the configuration file. You need to enable LLDP support on your network switch.

    Automatic Configuration

    Display option

    Select what to display on the extension: the extension user’s name only or name and number.

    Digit map pause timer

    Enter the digit map timeout in seconds which defines the waiting time between the completion of dialing number entering and initiating the call.

    For example, if you enter 5 and use the default digit map syntax, the phone will initiate a call 5 seconds after you finish entering the dialing number.

    Intercom barge

    If you select FortiFone-175, 375, or 475 for Phone model, you can enable intercom barge to allow intercom drop-in in a phone conversation.

    Screensaver timer

    Select the screen saver time for the phone model you selected. This option varies for different phone models and is not available for all phone models.

    Button transparency

    If you select FortiFone-570 for Phone model, select the percentage of phone buttons’ background color transparency.

    Backlight time

    Set the phone backlight time to illuminate the screen in low light conditions.

    Hangup delay

    Set the delay time to disconnect calls after hanging up.

    This option does not apply to all models.

    Use pound(#) as dial or send key

    Enable if required.

    This option does not apply to all models.

    Popup missed call

    Enable if required.

    This option does not apply to all models.

    Keep alive

    Enter a value for FortiFone to send a packet to the FortiVoice unit at the interval of the entered keep alive value to keep the firewall ports open at all time. This is to ensure that calls are not missed due to the registration time change for external IP extensions.

    For example, if you enter 40, FortiFone will send a 2 byte packet every 40 seconds to keep the firewall ports open.

    This option does not apply to all models.

    External keep alive

    This option is available when you select FortiFone-X80 for Phone model.

    For external FortiFone-X80 extensions, the default keep alive option is 40 seconds. This is to ensure that calls are not missed due to the registration time change for external IP extensions.

    DST type

    Set the Daylight Saving Time for the phone. This option does not apply to all models.

    • Disabled: DST on the phone is disabled.
    • Automatic: DST on the phone is automatically set based on your location.

    Hotel

    If you select FortiFone-H35 for Phone model, enter the hotel contact information and instructions on how to dial rooms, local, long distance, and international number.

    You may also select the font color for the call display.

    Soft Button In Idle Status

    Optionally, enable the 4 soft buttons and make them functional in idle status.

    This option does not apply to all models.

    Phone Password

    Enter a password for the phone users to access their phone web GUIs and configure the advanced settings on the phones.

    This only applies to the supported phones.

  3. Click Create.

Configuring programmable keys profiles

The Programmable Keys submenu lets you configure the programmable keys for FortiFones. For FortiFones with expansion modules or multiple key pages, you can select the module or page to program the keys.

After a programmable keys profile is applied to an extension, the keypad programming is always the same regardless of the phone for the extension.

To configure a programmable keys profile

  1. Go to Phone System > Profile > Programmable Keys.
  2. Click New.
  3. Enter the profile name, select a phone type, enter any notes you have for the profile, and click Create.
  4. Double-click the profile you created and configure the following:

    GUI field

    Description

    Provisioning lines

    Select the phone lines you want to reserve. For example, if you select 2 for this phone, number 1 and 2 on the keypad become reserved for phone lines.

    Number of expanded modules

    Select the number of expanded modules for the keypad.

    This option only appears for certain FortiFone models.

    Number of pages to be used on this phone

    Select the number of pages for the keypad.

    This option only appears for certain FortiFone models.

    Base/Page/Expanded Module

    Fields display depending on the phone model.

    Option

    The keypad number of the phone.

    Mode

    Select User to allow users to configure the programmable keys on the web user portal.

    Select Admin to configure the programmable keys here.

    Function

    Select the function assigned to this key.

    Resource

    For some functions, you need to enter the information in this field based on your phone configuration. For example, if you select function Line appearance for key 3, select what the line is for in this field.

    Label

    For some functions, you can add a explanatory label for the key.

  5. Click OK.

Programmable keys descriptions

Function

Description

Resource

Label

Call forward

Allows you to enable or disable and configure the Call Forward feature.

Stays blank.

Edit the label or keep the default label (Call forward).

DTMF

When you are on a call and you press the DTMF key, the system dials the configured DTMF digits.

This key is useful when you need to enter consistent codes at an interactive voice response (IVR) system.

Note

The DTMF function is only available during a call.

Enter the DTMF

digits to dial when you press this programmable key on your phone.

Edit the label or keep the default label (DTMF).

Extension appearance

Allows you to quickly monitor the selected extension.

Select an extension from the list.

Edit the label or keep the one associated with the selected extension.

Intercom

Allows you to use the phone speaker of a local extension as an intercom.

Note

This function works for internal extensions only.

Stays blank.

Edit the label or keep the default label (Intercom).

Line appearance

Allows you to monitor the status of a line (available, busy, or on hold).

Select a line.

Edit the label or keep the one associated with the selected line (or trunk).

Park

Places the call into the first available call park slot. You will hear a prompt telling you which slot the call has been parked in.

Stays blank.

Edit the label or keep the default label (Auto park).

Park appearance

Monitors the selected call park slots, informing you if there is a call parked.

Select the park slot to monitor.

Edit the label or keep the one associated with the selected line (or slot).

Reserved for line

By default, the FortiVoice phone system reserves the first two programmable keys for lines on the phone so you can monitor your own calls on those lines.

If your phone has additional lines, then you can use the Reserved for line function to program the appearance of those lines.

If multiple accounts have been configured on this extension, choose which account to monitor.

Edit the label or keep the one associated with the selected line (or account).

System speed dial

Allows you to quickly place a call to the selected extension or phone number at a touch of a button.

Make a selection.

Edit the label or keep the one assigned by the FortiVoice system administrator.

Twinning

Allows an external phone to ring along with your office phone, so you can answer the call at either phone. Pressing the Twinning programmable key enables or disables the feature.

Before using this function, make sure that a profile (with twinning enabled) is applied to the extension.

Stays blank.

Edit the label or keep the default label (Twinning).

User speed dial

Allows you to quickly place a call to the selected extension or phone number at a touch of a button.

Select a contact from your speed dial list.

Edit the label or keep the one associated with the selected contact.

Configuring LDAP profiles

The LDAP submenu lets you configure LDAP profiles which can query LDAP servers for authentication.

Caution

Before using an LDAP profile, verify each LDAP query and connectivity with your LDAP server. When LDAP queries do not match with the server’s schema and/or contents, unintended phone call processing behaviors can result.

LDAP profiles each contains one or more queries that retrieve specific configuration data, such as user groups, from an LDAP server. The LDAP profile list indicates which queries you have enabled in each LDAP profile.

To view the list of LDAP profiles, go to Phone System > Profile > LDAP.

GUI field

Description

Profile Name

The name of the profile.

Server

The domain name or IP address of the LDAP server.

Port

The listening port of the LDAP server.

Auth

Indicates whether User Authentication Options is enabled.

Cache

Indicates whether query result caching is enabled.

(Green dot in column heading)

Indicates whether the entry is currently referred to by another item in the configuration. If another item is using this entry, a red dot appears in this column, and the entry cannot be deleted.

You can add an LDAP profile to define a set of queries that the FortiVoice unit can use with an LDAP server. You might create more than one LDAP profile if, for example, you have more than one LDAP server, or you want to configure multiple, separate query sets for the same LDAP server.

After you have created an LDAP profile, LDAP profile options will appear in other areas of the FortiVoice unit’s configuration. These options let you to select the LDAP profile where you might otherwise create a reference to a configuration item stored locally on the FortiVoice unit itself. These other configuration areas will only allow you to select applicable LDAP profiles — that is, those LDAP profiles in which you have enabled the query required by that feature. For example, if a feature requires a definition of user groups, you can select only from those LDAP profiles where Group Query Options are enabled.

To configure an LDAP profile

  1. Go to Phone System > > Profile > LDAP.
  2. Click New to add a profile or double-click a profile to modify it.

    GUI field

    Description

    Profile name

    For a new profile, enter its name.

    Server name/IP

    Enter the fully qualified domain name (FQDN) or IP address of the LDAP server.

    Port: Enter the port number where the LDAP server listens.

    The default port number varies by your selection in Use secure connection: port 389 is typically used for non-secure connections, and port 636 is typically used for SSL-secured (LDAPS) connections.

    Fallback server name/IP

    Optional. Enter the fully qualified domain name (FQDN) or IP address of an alternate LDAP server that the FortiVoice unit can query if the primary LDAP server is unreachable.

    Port: Enter the port number where the fallback LDAP server listens.

    The default port number varies by your selection in Use secure connection: port 389 is typically used for non-secure connections, and port 636 is typically used for SSL-secured (LDAPS) connections.

    Use secure connection

    Select whether to connect to the LDAP servers using an encrypted connection.

    • none: Use a non-secure connection.
    • SSL: Use an SSL-secured (LDAPS) connection.

    Click Test LDAP Query to test the connection. A pop-up window appears. For details, see Testing LDAP profile queries.

    Base DN

    Enter the distinguished name (DN) of the part of the LDAP directory tree within which the FortiVoice unit will search for user objects, such as ou=People,dc=example,dc=com.

    User objects should be child nodes of this location.

    Bind DN

    Enter the bind DN, such as cn=FortiVoiceA,dc=example,dc=com, of an LDAP user account with permissions to query the Base DN.

    This field may be optional if your LDAP server does not require the FortiVoice unit to authenticate when performing queries.

    Bind password

    Enter the password of the Bind DN.

    Click Browse to locate the LDAP directory from the location that you specified in Base DN, or, if you have not yet entered a Base DN, beginning from the root of the LDAP directory tree.

    Browsing the LDAP tree can be useful if you need to locate your Base DN, or need to look up attribute names. For example, if the Base DN is unknown, browsing can help you to locate it.

    Before using, first configure Server name/IP, Use secure connection, Bind DN, Bind password, and Protocol version, then click Create or OK. These fields provide minimum information required to establish the directory browsing connection.

  3. Configure the following sections:
  4. Click Create, OK or Apply.

    The LDAP profile appears in the LDAP profile list. To apply it, select the profile in features that support LDAP queries, such as protected domains and policies.

    Before using the LDAP profile in other areas of the configuration, verify the configuration of each query that you have enabled in the LDAP profile. Incorrect query configuration can result in unexpected phone processing behavior. For information on testing queries, see Testing LDAP profile queries.

Configuring authentication options

The following procedure is part of the LDAP profile configuration process. For general procedures about how to configure an LDAP profile, see Configuring LDAP profiles.

  1. Go to Phone System > Profile > LDAP.
  2. Click New to create a new profile or double click on an existing profile to edit it.
  3. Click the arrow to expand the User Authentication Options section.
  4. Configure the following:
  5. GUI field

    Description

    Try Common Name with Base DN as Bind DN

    Select to form the user’s bind DN by prepending a common name to the base DN. Also enter the name of the user objects’ common name attribute, such as cn or uid into the field.

    Search User and Try Bind DN

    Select to form the user’s bind DN by using the DN retrieved for that user by configuring the following:

    • LDAP user query: Enter an LDAP query filter that selects a set of user objects from the LDAP directory.
    • The query string filters the result set, and should be based upon any attributes that are common to all user objects but also exclude non-user objects.

      For example, if user objects in your directory have two distinguishing characteristics, their objectClass and extension attributes, the query filter might be:

      (& (objectClass=inetOrgPerson) (telephonenumber=$u))

      where $u is the FortiVoice variable for a user's extension.

      This option is preconfigured and read-only if you have selected from Schema any schema style other than User Defined.

    • Schema: If your LDAP directory’s user objects use a common schema style:
      • InetOrgPerson
      • Active Directory

      Select the schema style. This automatically configures the query string to match that schema style.

      If your LDAP server uses any other schema style, select User Defined, then manually configure the query string.

    • Scope: Select which level of depth to query, starting from Base DN.
      • One level: Query only the one level directly below the Base DN in the LDAP directory tree.
      • Subtree: Query recursively all levels below the Base DN in the LDAP directory tree.
    • Derefer: Select the method to use, if any, when dereferencing attributes whose values are references.
      • Never: Do not dereference.
      • Always: Always dereference.
      • Search: Dereference only when searching.
      • Find: Dereference only when finding the base search object.

Configuring advanced options

The following procedure is part of the LDAP profile configuration process. For general procedures about how to configure an LDAP profile, see Configuring LDAP profiles.

  1. Go to Phone System > Profile > LDAP.
  2. Click New to create a new profile or double click on an existing profile to edit it.
  3. Click the arrow to expand the Advanced Options section.
  4. Configure the following:

GUI field

Description

Timeout (seconds)

Enter the maximum amount of time in seconds that the FortiVoice unit will wait for query responses from the LDAP server.

Protocol version

Select the LDAP protocol version used by the LDAP server.

Enable cache

Enable to cache LDAP query results.

Caching LDAP queries can introduce a delay between when you update LDAP directory information and when the FortiVoice unit begins using that new information, but also has the benefit of reducing the amount of LDAP network traffic associated with frequent queries for information that does not change frequently.

If this option is enabled but queries are not being cached, inspect the value of TTL. Entering a TTL value of 0 effectively disables caching.

TTL (minutes)

Enter the amount of time, in minutes, that the FortiVoice unit will cache query results. After the TTL has elapsed, cached results expire, and any subsequent request for that information causes the FortiVoice unit to query the LDAP server, refreshing the cache.

The default TTL value is 1440 minutes (one day). The maximum value is 10080 minutes (one week). Entering a value of 0 effectively disables caching.

This option is applicable only if Enable cache is enabled.

Enable user password change

Enable if you want to allow FortiVoice web portal users to change their password.

Password schema

Select your LDAP server’s user schema style, either OpenLDAP or Active Directory.

Testing LDAP profile queries

After you have created an LDAP profile, you should test each enabled query in the LDAP profile to verify that the FortiVoice unit can connect to the LDAP server, that the LDAP directory contains the required attributes and values, and that the query configuration is correct.

When testing a query in an LDAP profile, you may encounter error messages that indicate failure of the query and how to fix the problem.

To verify user authentication options

  1. Go to Phone System > Profile > LDAP.
  2. Double-click the LDAP profile whose query you want to test.
  3. Click Test LDAP Query.

    A pop-up window appears allowing you to test the query.

  4. From Select query type, select Authentication.
  5. In User name, enter the user name or extension of a user on the LDAP server, such as jdoe or 1234, depending your selection of User Authentication Options.
  6. In Password, enter the current password for that user.
  7. Click Test.

    The FortiVoice unit performs the query, and displays either success or failure for each operation in the query, such as the search to locate the user record, or binding to authenticate the user.

Clearing the LDAP profile cache

You can clear the FortiVoice unit’s cache of query results for any LDAP profile.

This may be useful after, for example, you have updated parts of your LDAP directory that are used by that LDAP profile, and you want the FortiVoice unit to discard outdated cached query results and reflect changes to the LDAP directory. After the cache is emptied, any subsequent request for information from that LDAP profile causes the FortiVoice unit to query the updated LDAP server, refreshing the cache.

eTo clear the LDAP query cache

  1. Go to Phone System > Profile > LDAP.
  2. Double-click the LDAP profile whose query cache you want to clear.
  3. Click Test LDAP Query.
  4. From Select query type, select Clear Cache.

    A warning appears at the bottom of the window, notifying you that the cache for this LDAP profile will be cleared if you proceed. All queries will therefore be new again, resulting in decreased performance until the query results are again cached.

  5. Click Ok.

    The FortiVoice unit empties cached LDAP query responses associated with that LDAP profile.

Configuring RADIUS authentication profiles

The FortiVoice unit supports RADIUS authentication method by using the RADIUS profiles that you configure.

To configure a RADIUS profile

  1. Go to Phone System > Profile > RADIUS.
  2. Click New.
  3. Configure the following:
  4. GUI field

    Description

    Profile name

    Enter a name for this profile.

    Server name/IP

    Enter the fully qualified domain name (FQDN) or IP address of a server that will use RADIUS method to authenticate users.

    Server port

    Enter the port number on which the authentication server listens. You must change this value if the server is configured to listen on a different port number, including if the server requires use of SSL.

    The default port is 1812.

    Protocol

    Select the authentication scheme for the RADIUS server.

    Server secret

    Enter the secret required by the RADIUS server. It must be identical to the secret that is configured on the RADIUS server.

    Server requires domain

    Enable if the authentication server requires that users authenticate using their full email address (such as user1@example.com) and not just the user name (such as user1).

  5. Click Create.

Configuring user privileges

A user privilege includes a collection of phone services and restrictions that can be applied to each extension user.

The default user privilege configurations can be edited but cannot be deleted.

For information on extensions, see Configuring Extensions.

To configure a user privilege

  1. Go to Phone System > Profile > User Privilege and click New.
  2. Configure the following:

    GUI field

    Description

    Name

    Enter a name for this profile.

    Basic Setting

    Auto provisioning

    Select to enable auto-provisioning for the extension. For more information, see Configuring SIP phone auto-provisioning.

    Once a FortiFone or supported DHCP-enabled phone connects to the FortiVoice unit and is auto-discovered, the FortiVoice unit assigns an IP address to the FortiFone and sends the basic PBX setup information to it. The full PBX configuration file will only be sent to the phone if this option is selected in the user privilege applied to the extension associated with the phone.

    List in directory

    Select to put the user’s name in the dial-by-name directory which allows a caller to find a user’s extension number, and connect to their local extension or remote extension. This way the caller can reach their party without speaking to the receptionist.

    Configure programmable phone feature key/PFK

    Select to enable configuring the feature access codes. For more information, see Modifying feature access codes.

    Softclient API login

    Select to enable FortiVoice softclient to log into the FortiVoice unit.

    Lookup directory

    Select to enable a user to view the phone directory of the local office. For more information, see Viewing call directory.

    Lookup directory in remote office(s)

    Select to enable a user to view the phone directories of remote offices. For more information, see Viewing call directory.

    Twinning

    Select to enable twinning function on an extension.

    The twinning feature allows you to use an external telephone (often a smartphone or home phone) to replicate your internal office extension (often your desk phone), so that when your desk phone rings, so does the “twin” phone. Once you return to your desk, you may press the Twinning key on the phone to terminate the twinning.

    This is useful when you are away from your desk but still want to receive calls to your desk phone.

    With this feature selected, you can configure twinning. For more information, see Setting extension user preferences.

    Internet of Things

    Select to enable configuring your FortiVoice unit’s integration with Amazon Alexa. This is only available if you enable the system global control under Phone System > Setting > Miscellaneous.

    For more information, see Configuring Internet of Things (IoT).

    Operator Role

    Select to enable an extension user to process phone calls using the FortiVoice user portal.

    You can select the four options to handle calls in each category.

    When the user privilege with this option selected is applied to an extension, an Operator Console button will appear on the top of the extension user’s FortiVoice web portal. Clicking the button lets the user to process phone calls on the Web.

    Voicemail

    Select to enable the voicemail service.

    Maximum messages

    Enter the number of voice mails allowed.

    Voicemail retention days

    Enter the number of days to keep the voicemails.

    Music

    Music on hold

    Select a music on hold file. For details, see Managing phone audio settings .

    Early media

    Early media is the exchange of information between the PBXes before the establishment of a phone connection, such as the ring tone. You can select a music file for early media. For details, see Managing phone audio settings .

    Fax

    Select to set the fax rules for users. For information on fax, see Configuring fax.

    Max incoming messages

    Enter the number of incoming faxes allowed.

    Max incoming fax retention days

    Enter the number of days to keep the incoming faxes.

    Max outgoing messages

    Enter the number of outgoing faxes allowed.

    Max outgoing fax retention days

    Enter the number of days to keep the outgoing faxes.

    Call Restriction

    Select call dialing restrictions for international, long distance, local, and internal calls.

    • Forbidden: Call is not allowed.
    • Allowed: Call is allowed.
    • Allowed with Account Code: Call is allowed by entering the system account/exempt code. For information on account code, see Configuring account codes.
      Not applicable to internal calls.
    • Allowed with Personal Code: Call is allowed by entering an extension’s account/exempt code. For more information, see Configuring account codes.
      Not applicable to internal calls.
    • Allowed with Account and Personal Code: Call is allowed by entering the system and extension account/exempt codes.
      Not applicable to internal calls.

    Other Restricted Area Code

    You can specify area codes to which an extension is allowed or denied to make phone calls.

    1. Click New.
    2. Enter a name for this call restriction.
    3. Select Enabled to activate this restriction.
    4. Enter the area code that you want to set restriction.
    5. Select the permission for the area code. For more information, see Call Restriction.
    6. Click Create.

    Miscellaneous

    The max number of concurrent calls: Set the maximum number of concurrent incoming and outgoing calls on the extension. The range is 1-10. The default is 4.

    Monitor/Recording

    Configure monitoring and recording outgoing and incoming calls of an extension to which this user privilege is applied.

    Personal recording

    Select to allow users to configure personal recording of their incoming and outgoing calls on the user web interface.

    System recording

    Select to allow users to configure system recording of their incoming and outgoing calls on the user web interface.

    Allow being barged

    Select to allow monitoring an extension to which this user privilege is applied.

    Allow barging

    Select to allow the extension to which this user privilege is applied to monitor other extensions.

    To barge a call, you need to enter your user PIN. For information on user PIN, see Voicemail PIN.

    Call barge option

    If you select Allow barging, choose a barging method.

    Hot-desking

    Hot desking enables users to log into another phone. However, unlike using Follow Me or Call Forwarding which simply redirect a user's calls to another user’s phone, hot desking takes total control of another phone by applying all of the user's own phone settings to that phone until the user logs out. Each user can log into another phone by pressing *11 and enter his extension number and user PIN following the prompts. To log out, a user can press *12.

    You can view hot desking configurations by going to Viewing activity details of hot desking extensions.

    • Enable hot-desking login: Select to enable the hot-desking login function.
    • Automatic logout hours: Enter the time in hours for the phone to automatically log out of hot-desking.
    • Enable hosting hot-desking: Select if you want to log into a regular phone with the hot-desking phone authentication (by pressing *11 and enter your extension number and user PIN following the prompts).
      By doing so, the regular phone keeps its configuration and extension number. However, outgoing calls display the hot-desking number.
      The regular phone logs out of hot-desking when the time set in Automatic logout hours expires.

    If the two phones use different programmable phone keys, the host phone will reboot. For information on programmable phone keys, see Configuring phone profiles.

    User Portal

    Enable or disable the user portal and select the features for it. Only the selected ones will appear for the extension to which this user privilege is applied.

    Advanced Setting

    Conference number

    Select the permission for conference calls:

    • Allow All: Select to allow the extension to join all conference calls.
    • Disallow All: Select to prohibit the extension from joining all conference calls.
    • Allow All with Exempt: If you select this option, click New to enter the conference call number(s) that the extension is banned to join.
    • Disallow All with Exempt: If you select this option, click New to enter the conference call number(s) that the extension is allowed to join.

    For more information, see Configuring auto attendants.

    Paging/Intercom

    Select the permission for paging/intercom:

    • Allow All: Select to allow the extension to page/intercom all paging numbers.
    • Disallow All: Select to prohibit the extension to page/intercom all paging numbers.
    • Allow All with Exempt: If you select this option, click New to enter the paging/intercom number(s) that the extension is banned to page/intercom.
    • Disallow All with Exempt: If you select this option, click New to enter the paging/intercom number(s) that the extension is allowed to page/intercom.

    For more information on paging, see Configuring auto attendants.

    Trusted hosts type

    Select the type of the subnet that can register with the SIP server. Only extensions on the specified subnet can register with the SIP server.

    If you select User defined, enter the information in Trusted hosts.

    Trusted hosts

    Enter the IP address and netmask of the subnet that can register with the SIP server.

    You can add multiple trusted hosts.

    Permitted outgoing rules

    Enable or disable all available outbound calling rules. For more information on calling rules, see Configuring outbound dial plans.

  3. Click Create.

Configuring emergency zone profiles

You configure an emergency zone profile to include the detailed contact information in case of emergencies.

To configure an emergency zone profile

  1. Go to Phone System > Profile > Emergency Zone.
  2. Click New and configure the following:

    GUI field

    Description

    Name

    For a new profile, enter its name.

    Emergency caller ID

    Enter the caller ID to display on the destination phone when you dial the emergency number, such as 911.

    If an extension in this profile already has an emergency caller ID, this ID is overridden by the extension’s own ID. See Emergency caller ID.

    Description

    Enter any notes you have for this profile.

    Emergency setting

    Configure to send an alert email when an emergency call is made.

    Select Do nothing if you donot want the FortiVoice unit to send an alert email. Otherwise, select Send alert email and enter the following:

    • Emergency contact emails: the email address for emergency contact. You can click + and add more addresses.
    • Emergency barge number: the extension number for authorized users to dial into an ongoing emergency call to listen or provide information to the call.

    Contact Information

    Enter the emergency contact information for the profile.

  3. Click Create.

Scheduling the FortiVoice unit

You can schedule the FortiVoice operation time and use the schedules when configuring dial plans, virtual numbers, or call management. The default schedules, namely after_hour, any_time, business_hour, and holiday, can be modified but cannot be deleted.

Depending on your preference, you can create either a standard or a calendar-based schedule.

For information on dial plan, see Configuring Call Routing.

For information on virtual numbers, see Working with virtual numbers.

For information on call management, see Setting extension user preferences.

To configure a standard schedule

  1. Go to Phone System > Profile > Schedule and click New.
  2. Enter a profile name and select Standard for Mode.
  3. Click Create.
  4. In the schedule list, select the profile name you created and click Edit.
  5. For Week Day, select the days to include in the schedule and set the AM and PM time or select Full Day.
  6. For Holiday, click New to set the holidays. For example, select 01/01/12 in the Date field and enter New Year’s Day in the Description field, and click Create.
  7. Click OK.

To configure a calendar-based schedule

  1. Go to Phone System > Profile > Schedule and click New.
  2. Enter a profile name and select Calendar for Mode.
  3. Click Create.
  4. In the schedule list, select the profile name you created and click Edit.
  5. Double-click a date to schedule an event.
  6. Click OK.

Working with FortiVoice profiles

Working with FortiVoice profiles

The Phone System > Profile tab lets you create user privileges and SIP profiles for configuring extensions and SIP trunks. It also allows you to modify caller IDs, schedule the FortiVoice unit, and configure phone and LDAP profiles.

This topic includes:

Configuring SIP profiles

Configure the supported phone features and codecs and apply them to the extensions and SIP trunks.

Note

Communicate with your VoIP service provider because the profile settings are subject to the capabilities of the VoIP service provider. For example, if some of your features and codecs are not supported by your VoIP service provider, they will not work even if they are enabled or selected in the SIP profile.

The default SIP profiles can be edited but cannot be deleted.

For information on extensions, see Configuring Extensions.

For information on SIP trunks, see Configuring Trunks.

To configure a SIP profile

  1. Go to Phone System > Profile > SIP and click New.
  2. Configure the following:

    GUI field

    Description

    Name

    Enter a name for this profile.

    DTMF

    Select the dual-tone multi-frequency (DTMF) method used by the VoIP provider. Options are RFC2833, Inband, and Info.

    Keep alive

    Enable and enter the time interval in seconds for the FortiVoice unit to talk to the SIP server of your service provider to keep the connectivity and check its capability.
    Keep alive value must be between 30 and 600.

    NAT

    Select if the VoIP service provider supports SIP NAT translation.

    T.38

    Select if the VoIP service provider supports fax over VoIP network.

    Transport

    Transport: SIP commonly uses TCP or UDP port 5060 and/or 5061. Port 5060 is used for non-encrypted SIP signaling sessions and port 5061 is typically used for SIP sessions encrypted with Transport Layer Security (TLS).

    Enable the protocols as required.

    This option, if applied to a user, overrides the system-wide transport settings . For more information, see Configuring SIP settings.

    Secure RTP: Select to provide encryption, message authentication and integrity, and replay protection to the FortiVoice Real-time Transport Protocol data.

    Codec

    Select the audio and video codecs supported by the VoIP service provider. Among the selected ones, choose the preferred one for the VoIP provider. The preferred codec is usually the most used one in your area and provides the best quality of communication.

    If your preferred codec is different from that of your VoIP service provider, the service provider’s codec will be used as long as it is one of your supported codecs.

  3. Click Create.

Modifying caller IDs

You can change the phone number, caller’s name, or both that will appear on the destination phone.

Caller ID modifications are used when configuring dial plans. For more information, see Configuring Call Routing.

To modify a caller ID

  1. Go to Phone System > Profile > Caller ID Modification.
  2. Click New and configure the following:

    GUI field

    Description

    Name

    Enter the name for this caller ID modification record.

    Match number

    Enter the extension number or number pattern you want to modify.

    For example, you can enter 8134 to modify a single extension, or 81xx to modify all the four-digit numbers starting with 81.

    Number Modification

    If you have entered a number or number pattern in Map to new number field, configure the following values to modify it:

    • Strip: Enter a number to hide the starting part of an extension from displaying. 0 means no action.
    • For example, if your Match number is 8134 and Strip is 2, only 34 will be displayed as caller ID.

    • Truncate: Enter a number to hide the ending part of an extension from displaying. 0 means no action.
    • For example, if your Match number is 8134 and Truncate is 2, only 81 will be displayed as caller ID.

    • Prefix: Add a number before an extension.
    • For example, if your Match number is 8134 and Prefix is 5, the caller ID will be 58134.

    • Postfix: Add a number after an extension.
    • For example, if your Match number is 8134 and Postfix is 5, the caller ID will be 81345.

    Match option

    Select the way to match a call with caller name and number in order to modify call number or caller ID.

    • Match Number or Name: If the number is matched, modifications will be done based on Number Modification configuration. If the name is matched, modifications will be done based on Map to new caller ID name configuration.
    • Match Number then Name: If the number is matched, modifications will be done based on Number Modification configuration. If both the number and name are matched, modifications will be done based on Map to new caller ID name configuration.
    • Match Name then Number: If the Name is matched, modification will be done based on Map to new caller ID name configuration. If both the name and number are matched, modifications will be done based on Number Modification configuration.
    • Match Number and Name: If both the number and name are matched, modifications will be done based on Number Modification and Map to new caller ID name configurations.

    Match caller ID name

    Enter the caller ID that you want to map to another one.

    Caller IDs are created when configuring SIP extensions. See Configuring IP extensions.

    Map to new caller ID name

    Enter the new caller ID name that you want to map to the one entered in the Match caller ID name field.

    Block caller ID

    Select to stop your caller ID from displaying on the destination phone.

  3. Click Create.

Mapping a group of extensions to a caller ID name

If you want to map a group of extensions to a caller ID name, you can use the pattern for the extensions to do so.

For example, if you have a technical support team that has 10 extensions (8100-8110), instead of displaying each extension when making calls, you can just display one caller ID name “Support” for the whole team.

To map a group of extensions to a caller ID name

  1. Go to Phone System > Profile > Caller ID Modification.
  2. Click New.
  3. In the Match new number field, enter the pattern of the extensions, such as 81xx.
  4. In the Match option field, select Match Number or Name.
  5. In the Map to new caller ID name field, enter the caller ID name to which you want to map, such as “Support”.
  6. Click Create.

Configuring phone profiles

Phone profiles contain the phone configurations that are mostly used and customized, such as the programmable phone keys. Phone profiles make extension configuration more flexible because phone users are allowed to choose the profile they want. In addition, any changes the administrator makes to a profile is automatically applied to the extensions that use the profile. For more information, see Configuring IP extensions.

The phone profiles configured here appear as Admin defined profiles when you configure a SIP extension.

To configure a phone profile

  1. Go to Phone System > Profile > Phone.
  2. Click New and configure the following:

    GUI field

    Description

    Name

    Enter a name for the profile.

    Phone model

    Select a phone model for the profile.

    Time format

    Select the time display format on the phone.

    North American: mm/dd/yyyy

    International: dd/mm/yyyy

    Phone book

    Select Local only to include the phone directory on this FortiVoice unit, and Global to include the phone directories of any remote FortiVoice units connected to this unit.

    For information on phone directories, see Viewing call directory.

    Phone language

    Select the language display on the phone.

    Description

    Enter any notes you have for this profile.

    VLAN

    You may need to deploy phones using the existing IT infrastructure which only has one network drop for each employee. The network switch supports 802.1Q VLAN tagging and LLDP-MED. Some phones such as FortiFones have two network ports: LAN and PC. The recommended solution is to connect FortiFones to the switch using LAN port and connect the computer to the PC port of FortiFones. VLAN tag needs to be enabled to segregate FortiFone voice network and PC data network.

    Option

    If you select Manual, configure the following:

    Enable VLAN tagging for voice: Select to enable VLAN tagging to segregate FortiFone voice network and PC data network.

    Voice VLAN ID: Enter your organization’s VLAN ID for voice.

    Priority for voice: Enter the traffic service level recommended by the IEEE. Each number represents a traffic type. The range is from 0-7, with 7 being the highest.

    • 0: Background
    • 1: Best Effort
    • 2: Excellent Effort
    • 3: Critical Applications
    • 4: Video, < 100 ms latency and jitter
    • 5: Voice, < 10 ms latency and jitter
    • 6: Internetwork Control
    • 7: Network Control

    Enable VLAN tagging for data: Select to enable VLAN tagging to segregate PC data network and FortiFone voice network.

    Voice VLAN ID: Enter your organization’s VLAN ID for data.

    Priority for data: Enter the traffic service level recommended by the IEEE. Each number represents a traffic type. The range is from 0-7, with 7 being the highest.

    • 0: Background
    • 1: Best Effort
    • 2: Excellent Effort
    • 3: Critical Applications
    • 4: Video, < 100 ms latency and jitter
    • 5: Voice, < 10 ms latency and jitter
    • 6: Internetwork Control
    • 7: Network Control

    If you select LLDP (Link Layer Discovery Protocol), the FortiVoice unit automatically generates the configuration file. You need to enable LLDP support on your network switch.

    Automatic Configuration

    Display option

    Select what to display on the extension: the extension user’s name only or name and number.

    Digit map pause timer

    Enter the digit map timeout in seconds which defines the waiting time between the completion of dialing number entering and initiating the call.

    For example, if you enter 5 and use the default digit map syntax, the phone will initiate a call 5 seconds after you finish entering the dialing number.

    Intercom barge

    If you select FortiFone-175, 375, or 475 for Phone model, you can enable intercom barge to allow intercom drop-in in a phone conversation.

    Screensaver timer

    Select the screen saver time for the phone model you selected. This option varies for different phone models and is not available for all phone models.

    Button transparency

    If you select FortiFone-570 for Phone model, select the percentage of phone buttons’ background color transparency.

    Backlight time

    Set the phone backlight time to illuminate the screen in low light conditions.

    Hangup delay

    Set the delay time to disconnect calls after hanging up.

    This option does not apply to all models.

    Use pound(#) as dial or send key

    Enable if required.

    This option does not apply to all models.

    Popup missed call

    Enable if required.

    This option does not apply to all models.

    Keep alive

    Enter a value for FortiFone to send a packet to the FortiVoice unit at the interval of the entered keep alive value to keep the firewall ports open at all time. This is to ensure that calls are not missed due to the registration time change for external IP extensions.

    For example, if you enter 40, FortiFone will send a 2 byte packet every 40 seconds to keep the firewall ports open.

    This option does not apply to all models.

    External keep alive

    This option is available when you select FortiFone-X80 for Phone model.

    For external FortiFone-X80 extensions, the default keep alive option is 40 seconds. This is to ensure that calls are not missed due to the registration time change for external IP extensions.

    DST type

    Set the Daylight Saving Time for the phone. This option does not apply to all models.

    • Disabled: DST on the phone is disabled.
    • Automatic: DST on the phone is automatically set based on your location.

    Hotel

    If you select FortiFone-H35 for Phone model, enter the hotel contact information and instructions on how to dial rooms, local, long distance, and international number.

    You may also select the font color for the call display.

    Soft Button In Idle Status

    Optionally, enable the 4 soft buttons and make them functional in idle status.

    This option does not apply to all models.

    Phone Password

    Enter a password for the phone users to access their phone web GUIs and configure the advanced settings on the phones.

    This only applies to the supported phones.

  3. Click Create.

Configuring programmable keys profiles

The Programmable Keys submenu lets you configure the programmable keys for FortiFones. For FortiFones with expansion modules or multiple key pages, you can select the module or page to program the keys.

After a programmable keys profile is applied to an extension, the keypad programming is always the same regardless of the phone for the extension.

To configure a programmable keys profile

  1. Go to Phone System > Profile > Programmable Keys.
  2. Click New.
  3. Enter the profile name, select a phone type, enter any notes you have for the profile, and click Create.
  4. Double-click the profile you created and configure the following:

    GUI field

    Description

    Provisioning lines

    Select the phone lines you want to reserve. For example, if you select 2 for this phone, number 1 and 2 on the keypad become reserved for phone lines.

    Number of expanded modules

    Select the number of expanded modules for the keypad.

    This option only appears for certain FortiFone models.

    Number of pages to be used on this phone

    Select the number of pages for the keypad.

    This option only appears for certain FortiFone models.

    Base/Page/Expanded Module

    Fields display depending on the phone model.

    Option

    The keypad number of the phone.

    Mode

    Select User to allow users to configure the programmable keys on the web user portal.

    Select Admin to configure the programmable keys here.

    Function

    Select the function assigned to this key.

    Resource

    For some functions, you need to enter the information in this field based on your phone configuration. For example, if you select function Line appearance for key 3, select what the line is for in this field.

    Label

    For some functions, you can add a explanatory label for the key.

  5. Click OK.

Programmable keys descriptions

Function

Description

Resource

Label

Call forward

Allows you to enable or disable and configure the Call Forward feature.

Stays blank.

Edit the label or keep the default label (Call forward).

DTMF

When you are on a call and you press the DTMF key, the system dials the configured DTMF digits.

This key is useful when you need to enter consistent codes at an interactive voice response (IVR) system.

Note

The DTMF function is only available during a call.

Enter the DTMF

digits to dial when you press this programmable key on your phone.

Edit the label or keep the default label (DTMF).

Extension appearance

Allows you to quickly monitor the selected extension.

Select an extension from the list.

Edit the label or keep the one associated with the selected extension.

Intercom

Allows you to use the phone speaker of a local extension as an intercom.

Note

This function works for internal extensions only.

Stays blank.

Edit the label or keep the default label (Intercom).

Line appearance

Allows you to monitor the status of a line (available, busy, or on hold).

Select a line.

Edit the label or keep the one associated with the selected line (or trunk).

Park

Places the call into the first available call park slot. You will hear a prompt telling you which slot the call has been parked in.

Stays blank.

Edit the label or keep the default label (Auto park).

Park appearance

Monitors the selected call park slots, informing you if there is a call parked.

Select the park slot to monitor.

Edit the label or keep the one associated with the selected line (or slot).

Reserved for line

By default, the FortiVoice phone system reserves the first two programmable keys for lines on the phone so you can monitor your own calls on those lines.

If your phone has additional lines, then you can use the Reserved for line function to program the appearance of those lines.

If multiple accounts have been configured on this extension, choose which account to monitor.

Edit the label or keep the one associated with the selected line (or account).

System speed dial

Allows you to quickly place a call to the selected extension or phone number at a touch of a button.

Make a selection.

Edit the label or keep the one assigned by the FortiVoice system administrator.

Twinning

Allows an external phone to ring along with your office phone, so you can answer the call at either phone. Pressing the Twinning programmable key enables or disables the feature.

Before using this function, make sure that a profile (with twinning enabled) is applied to the extension.

Stays blank.

Edit the label or keep the default label (Twinning).

User speed dial

Allows you to quickly place a call to the selected extension or phone number at a touch of a button.

Select a contact from your speed dial list.

Edit the label or keep the one associated with the selected contact.

Configuring LDAP profiles

The LDAP submenu lets you configure LDAP profiles which can query LDAP servers for authentication.

Caution

Before using an LDAP profile, verify each LDAP query and connectivity with your LDAP server. When LDAP queries do not match with the server’s schema and/or contents, unintended phone call processing behaviors can result.

LDAP profiles each contains one or more queries that retrieve specific configuration data, such as user groups, from an LDAP server. The LDAP profile list indicates which queries you have enabled in each LDAP profile.

To view the list of LDAP profiles, go to Phone System > Profile > LDAP.

GUI field

Description

Profile Name

The name of the profile.

Server

The domain name or IP address of the LDAP server.

Port

The listening port of the LDAP server.

Auth

Indicates whether User Authentication Options is enabled.

Cache

Indicates whether query result caching is enabled.

(Green dot in column heading)

Indicates whether the entry is currently referred to by another item in the configuration. If another item is using this entry, a red dot appears in this column, and the entry cannot be deleted.

You can add an LDAP profile to define a set of queries that the FortiVoice unit can use with an LDAP server. You might create more than one LDAP profile if, for example, you have more than one LDAP server, or you want to configure multiple, separate query sets for the same LDAP server.

After you have created an LDAP profile, LDAP profile options will appear in other areas of the FortiVoice unit’s configuration. These options let you to select the LDAP profile where you might otherwise create a reference to a configuration item stored locally on the FortiVoice unit itself. These other configuration areas will only allow you to select applicable LDAP profiles — that is, those LDAP profiles in which you have enabled the query required by that feature. For example, if a feature requires a definition of user groups, you can select only from those LDAP profiles where Group Query Options are enabled.

To configure an LDAP profile

  1. Go to Phone System > > Profile > LDAP.
  2. Click New to add a profile or double-click a profile to modify it.

    GUI field

    Description

    Profile name

    For a new profile, enter its name.

    Server name/IP

    Enter the fully qualified domain name (FQDN) or IP address of the LDAP server.

    Port: Enter the port number where the LDAP server listens.

    The default port number varies by your selection in Use secure connection: port 389 is typically used for non-secure connections, and port 636 is typically used for SSL-secured (LDAPS) connections.

    Fallback server name/IP

    Optional. Enter the fully qualified domain name (FQDN) or IP address of an alternate LDAP server that the FortiVoice unit can query if the primary LDAP server is unreachable.

    Port: Enter the port number where the fallback LDAP server listens.

    The default port number varies by your selection in Use secure connection: port 389 is typically used for non-secure connections, and port 636 is typically used for SSL-secured (LDAPS) connections.

    Use secure connection

    Select whether to connect to the LDAP servers using an encrypted connection.

    • none: Use a non-secure connection.
    • SSL: Use an SSL-secured (LDAPS) connection.

    Click Test LDAP Query to test the connection. A pop-up window appears. For details, see Testing LDAP profile queries.

    Base DN

    Enter the distinguished name (DN) of the part of the LDAP directory tree within which the FortiVoice unit will search for user objects, such as ou=People,dc=example,dc=com.

    User objects should be child nodes of this location.

    Bind DN

    Enter the bind DN, such as cn=FortiVoiceA,dc=example,dc=com, of an LDAP user account with permissions to query the Base DN.

    This field may be optional if your LDAP server does not require the FortiVoice unit to authenticate when performing queries.

    Bind password

    Enter the password of the Bind DN.

    Click Browse to locate the LDAP directory from the location that you specified in Base DN, or, if you have not yet entered a Base DN, beginning from the root of the LDAP directory tree.

    Browsing the LDAP tree can be useful if you need to locate your Base DN, or need to look up attribute names. For example, if the Base DN is unknown, browsing can help you to locate it.

    Before using, first configure Server name/IP, Use secure connection, Bind DN, Bind password, and Protocol version, then click Create or OK. These fields provide minimum information required to establish the directory browsing connection.

  3. Configure the following sections:
  4. Click Create, OK or Apply.

    The LDAP profile appears in the LDAP profile list. To apply it, select the profile in features that support LDAP queries, such as protected domains and policies.

    Before using the LDAP profile in other areas of the configuration, verify the configuration of each query that you have enabled in the LDAP profile. Incorrect query configuration can result in unexpected phone processing behavior. For information on testing queries, see Testing LDAP profile queries.

Configuring authentication options

The following procedure is part of the LDAP profile configuration process. For general procedures about how to configure an LDAP profile, see Configuring LDAP profiles.

  1. Go to Phone System > Profile > LDAP.
  2. Click New to create a new profile or double click on an existing profile to edit it.
  3. Click the arrow to expand the User Authentication Options section.
  4. Configure the following:
  5. GUI field

    Description

    Try Common Name with Base DN as Bind DN

    Select to form the user’s bind DN by prepending a common name to the base DN. Also enter the name of the user objects’ common name attribute, such as cn or uid into the field.

    Search User and Try Bind DN

    Select to form the user’s bind DN by using the DN retrieved for that user by configuring the following:

    • LDAP user query: Enter an LDAP query filter that selects a set of user objects from the LDAP directory.
    • The query string filters the result set, and should be based upon any attributes that are common to all user objects but also exclude non-user objects.

      For example, if user objects in your directory have two distinguishing characteristics, their objectClass and extension attributes, the query filter might be:

      (& (objectClass=inetOrgPerson) (telephonenumber=$u))

      where $u is the FortiVoice variable for a user's extension.

      This option is preconfigured and read-only if you have selected from Schema any schema style other than User Defined.

    • Schema: If your LDAP directory’s user objects use a common schema style:
      • InetOrgPerson
      • Active Directory

      Select the schema style. This automatically configures the query string to match that schema style.

      If your LDAP server uses any other schema style, select User Defined, then manually configure the query string.

    • Scope: Select which level of depth to query, starting from Base DN.
      • One level: Query only the one level directly below the Base DN in the LDAP directory tree.
      • Subtree: Query recursively all levels below the Base DN in the LDAP directory tree.
    • Derefer: Select the method to use, if any, when dereferencing attributes whose values are references.
      • Never: Do not dereference.
      • Always: Always dereference.
      • Search: Dereference only when searching.
      • Find: Dereference only when finding the base search object.

Configuring advanced options

The following procedure is part of the LDAP profile configuration process. For general procedures about how to configure an LDAP profile, see Configuring LDAP profiles.

  1. Go to Phone System > Profile > LDAP.
  2. Click New to create a new profile or double click on an existing profile to edit it.
  3. Click the arrow to expand the Advanced Options section.
  4. Configure the following:

GUI field

Description

Timeout (seconds)

Enter the maximum amount of time in seconds that the FortiVoice unit will wait for query responses from the LDAP server.

Protocol version

Select the LDAP protocol version used by the LDAP server.

Enable cache

Enable to cache LDAP query results.

Caching LDAP queries can introduce a delay between when you update LDAP directory information and when the FortiVoice unit begins using that new information, but also has the benefit of reducing the amount of LDAP network traffic associated with frequent queries for information that does not change frequently.

If this option is enabled but queries are not being cached, inspect the value of TTL. Entering a TTL value of 0 effectively disables caching.

TTL (minutes)

Enter the amount of time, in minutes, that the FortiVoice unit will cache query results. After the TTL has elapsed, cached results expire, and any subsequent request for that information causes the FortiVoice unit to query the LDAP server, refreshing the cache.

The default TTL value is 1440 minutes (one day). The maximum value is 10080 minutes (one week). Entering a value of 0 effectively disables caching.

This option is applicable only if Enable cache is enabled.

Enable user password change

Enable if you want to allow FortiVoice web portal users to change their password.

Password schema

Select your LDAP server’s user schema style, either OpenLDAP or Active Directory.

Testing LDAP profile queries

After you have created an LDAP profile, you should test each enabled query in the LDAP profile to verify that the FortiVoice unit can connect to the LDAP server, that the LDAP directory contains the required attributes and values, and that the query configuration is correct.

When testing a query in an LDAP profile, you may encounter error messages that indicate failure of the query and how to fix the problem.

To verify user authentication options

  1. Go to Phone System > Profile > LDAP.
  2. Double-click the LDAP profile whose query you want to test.
  3. Click Test LDAP Query.

    A pop-up window appears allowing you to test the query.

  4. From Select query type, select Authentication.
  5. In User name, enter the user name or extension of a user on the LDAP server, such as jdoe or 1234, depending your selection of User Authentication Options.
  6. In Password, enter the current password for that user.
  7. Click Test.

    The FortiVoice unit performs the query, and displays either success or failure for each operation in the query, such as the search to locate the user record, or binding to authenticate the user.

Clearing the LDAP profile cache

You can clear the FortiVoice unit’s cache of query results for any LDAP profile.

This may be useful after, for example, you have updated parts of your LDAP directory that are used by that LDAP profile, and you want the FortiVoice unit to discard outdated cached query results and reflect changes to the LDAP directory. After the cache is emptied, any subsequent request for information from that LDAP profile causes the FortiVoice unit to query the updated LDAP server, refreshing the cache.

eTo clear the LDAP query cache

  1. Go to Phone System > Profile > LDAP.
  2. Double-click the LDAP profile whose query cache you want to clear.
  3. Click Test LDAP Query.
  4. From Select query type, select Clear Cache.

    A warning appears at the bottom of the window, notifying you that the cache for this LDAP profile will be cleared if you proceed. All queries will therefore be new again, resulting in decreased performance until the query results are again cached.

  5. Click Ok.

    The FortiVoice unit empties cached LDAP query responses associated with that LDAP profile.

Configuring RADIUS authentication profiles

The FortiVoice unit supports RADIUS authentication method by using the RADIUS profiles that you configure.

To configure a RADIUS profile

  1. Go to Phone System > Profile > RADIUS.
  2. Click New.
  3. Configure the following:
  4. GUI field

    Description

    Profile name

    Enter a name for this profile.

    Server name/IP

    Enter the fully qualified domain name (FQDN) or IP address of a server that will use RADIUS method to authenticate users.

    Server port

    Enter the port number on which the authentication server listens. You must change this value if the server is configured to listen on a different port number, including if the server requires use of SSL.

    The default port is 1812.

    Protocol

    Select the authentication scheme for the RADIUS server.

    Server secret

    Enter the secret required by the RADIUS server. It must be identical to the secret that is configured on the RADIUS server.

    Server requires domain

    Enable if the authentication server requires that users authenticate using their full email address (such as user1@example.com) and not just the user name (such as user1).

  5. Click Create.

Configuring user privileges

A user privilege includes a collection of phone services and restrictions that can be applied to each extension user.

The default user privilege configurations can be edited but cannot be deleted.

For information on extensions, see Configuring Extensions.

To configure a user privilege

  1. Go to Phone System > Profile > User Privilege and click New.
  2. Configure the following:

    GUI field

    Description

    Name

    Enter a name for this profile.

    Basic Setting

    Auto provisioning

    Select to enable auto-provisioning for the extension. For more information, see Configuring SIP phone auto-provisioning.

    Once a FortiFone or supported DHCP-enabled phone connects to the FortiVoice unit and is auto-discovered, the FortiVoice unit assigns an IP address to the FortiFone and sends the basic PBX setup information to it. The full PBX configuration file will only be sent to the phone if this option is selected in the user privilege applied to the extension associated with the phone.

    List in directory

    Select to put the user’s name in the dial-by-name directory which allows a caller to find a user’s extension number, and connect to their local extension or remote extension. This way the caller can reach their party without speaking to the receptionist.

    Configure programmable phone feature key/PFK

    Select to enable configuring the feature access codes. For more information, see Modifying feature access codes.

    Softclient API login

    Select to enable FortiVoice softclient to log into the FortiVoice unit.

    Lookup directory

    Select to enable a user to view the phone directory of the local office. For more information, see Viewing call directory.

    Lookup directory in remote office(s)

    Select to enable a user to view the phone directories of remote offices. For more information, see Viewing call directory.

    Twinning

    Select to enable twinning function on an extension.

    The twinning feature allows you to use an external telephone (often a smartphone or home phone) to replicate your internal office extension (often your desk phone), so that when your desk phone rings, so does the “twin” phone. Once you return to your desk, you may press the Twinning key on the phone to terminate the twinning.

    This is useful when you are away from your desk but still want to receive calls to your desk phone.

    With this feature selected, you can configure twinning. For more information, see Setting extension user preferences.

    Internet of Things

    Select to enable configuring your FortiVoice unit’s integration with Amazon Alexa. This is only available if you enable the system global control under Phone System > Setting > Miscellaneous.

    For more information, see Configuring Internet of Things (IoT).

    Operator Role

    Select to enable an extension user to process phone calls using the FortiVoice user portal.

    You can select the four options to handle calls in each category.

    When the user privilege with this option selected is applied to an extension, an Operator Console button will appear on the top of the extension user’s FortiVoice web portal. Clicking the button lets the user to process phone calls on the Web.

    Voicemail

    Select to enable the voicemail service.

    Maximum messages

    Enter the number of voice mails allowed.

    Voicemail retention days

    Enter the number of days to keep the voicemails.

    Music

    Music on hold

    Select a music on hold file. For details, see Managing phone audio settings .

    Early media

    Early media is the exchange of information between the PBXes before the establishment of a phone connection, such as the ring tone. You can select a music file for early media. For details, see Managing phone audio settings .

    Fax

    Select to set the fax rules for users. For information on fax, see Configuring fax.

    Max incoming messages

    Enter the number of incoming faxes allowed.

    Max incoming fax retention days

    Enter the number of days to keep the incoming faxes.

    Max outgoing messages

    Enter the number of outgoing faxes allowed.

    Max outgoing fax retention days

    Enter the number of days to keep the outgoing faxes.

    Call Restriction

    Select call dialing restrictions for international, long distance, local, and internal calls.

    • Forbidden: Call is not allowed.
    • Allowed: Call is allowed.
    • Allowed with Account Code: Call is allowed by entering the system account/exempt code. For information on account code, see Configuring account codes.
      Not applicable to internal calls.
    • Allowed with Personal Code: Call is allowed by entering an extension’s account/exempt code. For more information, see Configuring account codes.
      Not applicable to internal calls.
    • Allowed with Account and Personal Code: Call is allowed by entering the system and extension account/exempt codes.
      Not applicable to internal calls.

    Other Restricted Area Code

    You can specify area codes to which an extension is allowed or denied to make phone calls.

    1. Click New.
    2. Enter a name for this call restriction.
    3. Select Enabled to activate this restriction.
    4. Enter the area code that you want to set restriction.
    5. Select the permission for the area code. For more information, see Call Restriction.
    6. Click Create.

    Miscellaneous

    The max number of concurrent calls: Set the maximum number of concurrent incoming and outgoing calls on the extension. The range is 1-10. The default is 4.

    Monitor/Recording

    Configure monitoring and recording outgoing and incoming calls of an extension to which this user privilege is applied.

    Personal recording

    Select to allow users to configure personal recording of their incoming and outgoing calls on the user web interface.

    System recording

    Select to allow users to configure system recording of their incoming and outgoing calls on the user web interface.

    Allow being barged

    Select to allow monitoring an extension to which this user privilege is applied.

    Allow barging

    Select to allow the extension to which this user privilege is applied to monitor other extensions.

    To barge a call, you need to enter your user PIN. For information on user PIN, see Voicemail PIN.

    Call barge option

    If you select Allow barging, choose a barging method.

    Hot-desking

    Hot desking enables users to log into another phone. However, unlike using Follow Me or Call Forwarding which simply redirect a user's calls to another user’s phone, hot desking takes total control of another phone by applying all of the user's own phone settings to that phone until the user logs out. Each user can log into another phone by pressing *11 and enter his extension number and user PIN following the prompts. To log out, a user can press *12.

    You can view hot desking configurations by going to Viewing activity details of hot desking extensions.

    • Enable hot-desking login: Select to enable the hot-desking login function.
    • Automatic logout hours: Enter the time in hours for the phone to automatically log out of hot-desking.
    • Enable hosting hot-desking: Select if you want to log into a regular phone with the hot-desking phone authentication (by pressing *11 and enter your extension number and user PIN following the prompts).
      By doing so, the regular phone keeps its configuration and extension number. However, outgoing calls display the hot-desking number.
      The regular phone logs out of hot-desking when the time set in Automatic logout hours expires.

    If the two phones use different programmable phone keys, the host phone will reboot. For information on programmable phone keys, see Configuring phone profiles.

    User Portal

    Enable or disable the user portal and select the features for it. Only the selected ones will appear for the extension to which this user privilege is applied.

    Advanced Setting

    Conference number

    Select the permission for conference calls:

    • Allow All: Select to allow the extension to join all conference calls.
    • Disallow All: Select to prohibit the extension from joining all conference calls.
    • Allow All with Exempt: If you select this option, click New to enter the conference call number(s) that the extension is banned to join.
    • Disallow All with Exempt: If you select this option, click New to enter the conference call number(s) that the extension is allowed to join.

    For more information, see Configuring auto attendants.

    Paging/Intercom

    Select the permission for paging/intercom:

    • Allow All: Select to allow the extension to page/intercom all paging numbers.
    • Disallow All: Select to prohibit the extension to page/intercom all paging numbers.
    • Allow All with Exempt: If you select this option, click New to enter the paging/intercom number(s) that the extension is banned to page/intercom.
    • Disallow All with Exempt: If you select this option, click New to enter the paging/intercom number(s) that the extension is allowed to page/intercom.

    For more information on paging, see Configuring auto attendants.

    Trusted hosts type

    Select the type of the subnet that can register with the SIP server. Only extensions on the specified subnet can register with the SIP server.

    If you select User defined, enter the information in Trusted hosts.

    Trusted hosts

    Enter the IP address and netmask of the subnet that can register with the SIP server.

    You can add multiple trusted hosts.

    Permitted outgoing rules

    Enable or disable all available outbound calling rules. For more information on calling rules, see Configuring outbound dial plans.

  3. Click Create.

Configuring emergency zone profiles

You configure an emergency zone profile to include the detailed contact information in case of emergencies.

To configure an emergency zone profile

  1. Go to Phone System > Profile > Emergency Zone.
  2. Click New and configure the following:

    GUI field

    Description

    Name

    For a new profile, enter its name.

    Emergency caller ID

    Enter the caller ID to display on the destination phone when you dial the emergency number, such as 911.

    If an extension in this profile already has an emergency caller ID, this ID is overridden by the extension’s own ID. See Emergency caller ID.

    Description

    Enter any notes you have for this profile.

    Emergency setting

    Configure to send an alert email when an emergency call is made.

    Select Do nothing if you donot want the FortiVoice unit to send an alert email. Otherwise, select Send alert email and enter the following:

    • Emergency contact emails: the email address for emergency contact. You can click + and add more addresses.
    • Emergency barge number: the extension number for authorized users to dial into an ongoing emergency call to listen or provide information to the call.

    Contact Information

    Enter the emergency contact information for the profile.

  3. Click Create.

Scheduling the FortiVoice unit

You can schedule the FortiVoice operation time and use the schedules when configuring dial plans, virtual numbers, or call management. The default schedules, namely after_hour, any_time, business_hour, and holiday, can be modified but cannot be deleted.

Depending on your preference, you can create either a standard or a calendar-based schedule.

For information on dial plan, see Configuring Call Routing.

For information on virtual numbers, see Working with virtual numbers.

For information on call management, see Setting extension user preferences.

To configure a standard schedule

  1. Go to Phone System > Profile > Schedule and click New.
  2. Enter a profile name and select Standard for Mode.
  3. Click Create.
  4. In the schedule list, select the profile name you created and click Edit.
  5. For Week Day, select the days to include in the schedule and set the AM and PM time or select Full Day.
  6. For Holiday, click New to set the holidays. For example, select 01/01/12 in the Date field and enter New Year’s Day in the Description field, and click Create.
  7. Click OK.

To configure a calendar-based schedule

  1. Go to Phone System > Profile > Schedule and click New.
  2. Enter a profile name and select Calendar for Mode.
  3. Click Create.
  4. In the schedule list, select the profile name you created and click Edit.
  5. Double-click a date to schedule an event.
  6. Click OK.