Perform the following procedures to configure FortiFone softclient for mobile settings on the FortiVoice phone system:
Prior to starting the configuration, make sure to complete the recipes in Licensing.
Unless otherwise specified, steps in this FortiFone softclient section apply to SIP over TCP, UDP, and TLS.
- Configure external access settings
- Configure a SIP profile
- Assign the FortiFone softclient to a FortiVoice extension
- Export the FortiVoice server certificate for SIP over TLS
- On FortiVoice, go to System > Advanced > External Access.
- Set SIP server external hostname/IP address to the IP address or FQDN of the FortiVoice device and configure the following external access ports.
- Go to System > Advanced > SIP.
- Under Advanced Setting, make sure that SIP session helper is disabled.
Perform this procedure to create a new SIP profile.
The default SIP profile (sip_mobile_default) is set for SIP over TCP. If you want, you can update this profile to set it to the protocol used by your deployment.
- On FortiVoice, go to Phone System > Profile > SIP.
- Click New.
- In Name, enter a name for this SIP profile.
- In DTMF, select Auto.
- Enable NAT.
- In Transport, select the protocol. If you set Transport to TLS, enable Secure RTP.
- Click Create.
Example for configuring a SIP profile for UDP:
Example for configuring a SIP profile for TLS:
- On FortiVoice, go to Extension > Extension > IP Extension and click New.
- Enter a Number.
- Under Device Setting, click the Soft Phone tab.
- In License allocation, specify the value to configure.
- In Android/iPhone, select a default profile or the profile that you configured in Configure a SIP profile.
- Click Create.
- If your deployment uses SIP over TLS, go to Export the FortiVoice server certificate for SIP over TLS.
If your deployment uses SIP over TCP or UDP, go to Configuring FortiGate for SIP over TCP or UDP.
- On FortiVoice, go to System > Certificate > Local Certificate.
- In the list, select FortiVoiceSIPServer. This is the default certificate for the SIP service. If you are using a custom certificate, select that one instead of the default.
- Click Download and select Download PKCS12 File.
The PKCS12 Certificate Download dialog opens.
- In Password and Confirm password, enter a password to encrypt the key.
- To download the file, click OK.
- To save the file locally, click OK.
- Take note of the location where you save the file.
- Go to Configuring FortiGate for SIP over TLS.