Configuring advanced phone system settings

The System > Advanced submenu lets you configure SIP setting, SIP phone auto-provisioning, prompt languages, phone management, and system capacity.

This topic includes:

Configuring SIP settings
Configuring the internal ports
Configuring external access
Configuring SIP phone auto-provisioning

Configuring SIP settings

FortiVoice units support SIP communications.

To configure FortiVoice SIP Setting

Go System > Advanced > SIP.

Configure the following:

GUI field		Description
SIP Transport/Internal Ports		SIP communication commonly uses TCP or UDP port 5060 and/or 5061. Port 5060 is used for nonencrypted SIP signaling sessions and port 5061 is typically used for SIP sessions encrypted with Transport Layer Security (TLS). The WebSocket Secure (WSS) protocol establishes a WebSocket over an encrypted TLS connection. The default port is 8089. Enter the ports as required.
RTP Setting
	Port	Enter the starting Real-time Transport Protocol (RTP) port that the FortiVoice unit will use for phone call sessions. If the unit is behind a firewall, these ports should be open. Ensure there is a reasonable port range so that you have enough ports for all open calls. The default port is 5000. Enter the end RTP port that the FortiVoice unit will use for phone call sessions. Ensure there is a reasonable port range so that you have enough ports for all open calls. The default port is 30000.
	Timeout	Enter the amount of time in seconds during an active call that the extension will wait for RTP packets before hanging up the call. 0 means no time limit. The default is 60.
	Hold timeout	Enter the amount of time in seconds that the extension will wait on hold for RTP packets before hanging up the call. 0 means no time limit. The default is 300.
Registration/Subscription Interval		If this is a dynamic account with the VoIP provider, enter the registration interval as required by the VoIP provider. After each registration interval, the FortiVoice unit renews the registration of the account with the VoIP provider.
	Extension registration/subscription interval range	To keep the extensions’ registration status with the FortiVoice unit, enter the range of extension registration time interval as required by the FortiVoice unit in minutes. An extension’s registration timeout setting is overridden by the FortiVoice unit’s extension registration time interval range if it is out of the range. The default range is 1-480. The start of the range is 1-60 and the end of the range is 30-1440.
	Internal extension registration/subscrip tion interval	Enter the default registration time interval for the extensions on your subnet as required by the FortiVoice unit in minutes. The default is 30 and the range is 10-480. Set a proper value for this option. If it is too low, the performance of the FortiVoice unit is compromised due to frequent registration. If it is too high, the connection between the FortiVoice unit and the extension may terminate.
	External extension registration/subscrip tion interval	Enter the default registration time interval for the extensions on other subnets as required by the FortiVoice unit in seconds. The default is 30 and the range is 10-1800. Set a proper value for this option. The FortiVoice unit requires that external extensions register more frequently with it to keep the connection. However, if the value is set too low, the performance of the FortiVoice unit is compromised due to frequent registration. If it is too high, the connection between the FortiVoice unit and the extension may terminate.
Security		By default, the FortiVoice unit screens out incoming calls from unauthenticated source. If you want to change this default setting, select Accept unauthenticated incoming call.
Advanced Setting		SIP session helper: Select if you do not want the FortiVoice unit to apply NAT or other SIP session help features to SIP traffic. With the SIP session helper disabled, the FortiVoice unit can still accept SIP sessions if they are allowed by a security policy, but the FortiVoice unit will not be able to open pinholes or NAT the addresses in the SIP messages. Internal network type: Identify the internal networks designated for phone calls on the FortiVoice unit. When a call reaches the public IP address of the FortiVoice unit, it will be routed to one of the internal networks. Note that modifying internal networks terminate ongoing calls. This option is only available if you select SIP session helper. User defined: Configure your own internal network designated for phone calls on the FortiVoice unit. RFC 1918 predefined: Private IPv4 addresses used for internal traffic that does not route via the Internet. SIP timer T1: Enter the SIP T1 in milliseconds. This is an estimate of the Round Trip Time (RTT) of transactions between a client and server. For example, when a SIP Client attempts to send a request to a SIP Server, the time it takes between sending out the request to the point of getting a response is the SIP T1 timer. By default the timer is set to 500 milliseconds. The SIP Timer object is used as specific timing attribute to the SIP Signaling object. Use caution when adjusting these timers because undesired outcomes from lengthy SIP retransmits to an increase in traffic across the network may result. SIP timer B:This is the INVITE transaction timeout timer. It changes based on the SIP timer T1 value.

Click Apply.

Configuring the internal ports

System > Advanced > Service lets you configure the FortiVoice unit listening ports for network communications.

To configure internal port Setting

Go to System > Advanced > Service.
Change the default HTTP and HTTPS port numbers if required.
Enable TFTP port if required.
TFTP connection is not secure, and can be intercepted by a third party.
Other ports are predefined and cannot be changed.
Click Apply.

Configuring external access

System > Advanced > External Access lets you configure the FortiVoice unit external hostname/IP and ports through which it can be accessed by other devices through the internet.

When external extensions connect to the FortiVoice unit, they get the basic PBX configurations including the external access IP and ports through auto provisioning. They can then use the information to register with the FortiVoice unit. For more information, see Configuring SIP phone auto-provisioning.

Extensions are defined as external in extension configuration. For more information, see Configuring IP extensions.

To configure external access

Go to System > Advanced > External Access and configure the following:

GUI field	Description
SIP server external hostname/IP address	Enter the hostname/IP for your SIP server external access.
SIP External Ports	Enter the external access ports for SIP transport. WSS (WebSocket Secure) is used to support FortiFone desktop application.
Other service external hostname/IP address	If you have another service for external access, enter the hostname/IP.
Service External Ports	Enter the external access ports for the other service.

Click Apply.

Configuring SIP phone auto-provisioning

System > Advanced > Auto Provisioning allows the FortiVoice unit to discover the SIP phones on your network and send the configuration files to them.

With auto-provisioning configured, when a supported FortiFone is connected to the network and powered on, it is automatically discovered and receives the configuration file from the FortiVoice unit. The FortiFone will then reboot with the pushed-in configuration file and register with the FortiVoice unit.

The FortiVoice unit can only auto provision the supported FortiFones.

To configure auto-provisioning settings

Go to System > Advanced > Auto Provisioning and configure the following:

GUI field		Description
Auto Provisioning
	Enabled	Select to activate the SIP phone auto-provisioning function for auto discovering the phones.
	Unassigned phone (Generate default configuration for unassigned Desktop FortiFone)	This option is only available after auto provisioning is enabled. Select to generate basic phone configuration files for the supported unassigned SIP Desktop FortiFones. For details, see Viewing desktop FortiFones. With this option selected, once a supported FortiFone connects to the FortiVoice unit and is auto-discovered, the FortiVoice unit sends the basic PBX setup information to it for registering with the FortiVoice unit to be assigned an extension. If you want to upgrade your phone system and keep the current phone configuration, do not select this option. Otherwise your existing phone configuration will be overridden by the upgraded FortiVoice configuration.
	Provisioning protocol	Select the protocol for the phones to retrieve the configuration file from the FortiVoice unit.
	Server Setting for Phone Configuration	If you use different servers for SIP, NTP, and LDAP, select to configure the Setting of each server for the supported phones. The servers’ port information reflect the FortiVoice unit’s network interfaces. For details, see Configuring the network interfaces. SIP server: Select or click Overrideto enter the current public IP address or public domain name of the server. The SIP phones connect to this server to register. NTP server: Select or click Override to enter the current public IP address or public domain name of the server. The SIP phones connect to this server to synchronize time. LDAP contact: Select or click Override to enter the current public IP address or public domain name of the server. The SIP phones connect to this server to receive phone directories. Provisioning server: If you use a specific server to send PBX setup information to the phones, select or click Override to enter the current public IP address or public domain name of the server. The SIP phones connect to this server to receive the full PBX setup information.
Auto Discovery	If phone auto discovery is required, enable SIPPnP multicast function for the connected phones to find the provisioning server contained in its message for the phones. You can also click the DHCP server link to select or add a server that contains provisioning server information in its message for the phones to look for. For more information, see Configuring DHCP server. SIPPnP multicast and DHCP server do not conflict although SIPPnP has priority. Phones can retrieve provisioning server information from either of the two.
Other Setting
	Secondary account (Enable secondary account for Desktop FortiFone)	In addition to the main account, secondary accounts can be added on the same FortiVoice unit. When you add a secondary account to your extension, you can set the secondary extension to ring at the same time as your existing extension. However, the secondary extension operates separately. For example, extension 100 sets extension 200 to be a secondary account. When a call comes in to extension 100, both extensions (100 and 200) will ring and you can answer one of them. In the same example, if a call comes into extension 200, only extension 200 will ring. Select this option in order to add a secondary account when configuring extensions. For details, see Advanced
	Administrator PIN to provision phone	Click and enter a global password to be used by an administrator to connect a FortiFone phone to the FortiVoice unit to set mobile extension number. This password is also used by the administrator to override schedules. For details, see Configuring system capacity. For example, you can press the default Configure Phone feature code *17 (See Modifying feature access codes) on any FortiFone phone that connects to the FortiVoice unit and enter this password. You can then enter an existing extension to set it as the extension of this phone.
	Backward support of legacy FortiFone (FON 470/870360/460/ 560) (Obsolescent)	If you have legacy FortiFone phones, select this option for backward provisioning support.

Click Apply.