Configuring advanced phone system settings
The System > Advanced submenu lets you configure SIP setting, SIP phone auto-provisioning, prompt languages, phone management, and system capacity.
This topic includes:
- Configuring SIP settings
- Configuring the internal ports
- Configuring external access
- Configuring SIP phone auto-provisioning
Configuring SIP settings
FortiVoice units support SIP communications.
To configure FortiVoice SIP Setting
- Go to System > Advanced > SIP.
- Configure the following:
GUI field
Description
SIP Transport and Internal Ports
SIP communication commonly uses TCP or UDP port 5060 and/or 5061. Port 5060 is used for nonencrypted SIP signaling sessions and port 5061 is typically used for SIP sessions encrypted with Transport Layer Security (TLS). The WebSocket Secure (WSS) protocol establishes a WebSocket over an encrypted TLS connection. The default port is 8089.
Enter the ports as required.
RTP Setting
Port
Enter the starting Real-time Transport Protocol (RTP) port that the FortiVoice unit will use for phone call sessions. If the unit is behind a firewall, these ports should be open. Ensure there is a reasonable port range so that you have enough ports for all open calls. The default port is 5000.
Enter the end RTP port that the FortiVoice unit will use for phone call sessions. Ensure there is a reasonable port range so that you have enough ports for all open calls. The default port is 30000.
Timeout
Enter the amount of time in seconds during an active call that the extension will wait for RTP packets before hanging up the call. 0 means no time limit. The default is 60.
Hold timeout
Enter the amount of time in seconds that the extension will wait on hold for RTP packets before hanging up the call. 0 means no time limit. The default is 300.
Registration Interval
If this is a dynamic account with the VoIP provider, enter the registration interval as required by the VoIP provider. After each registration interval, the FortiVoice unit renews the registration of the account with the VoIP provider.
Extension registration interval range
To keep the extensions’ registration status with the FortiVoice unit, enter the range of extension registration time interval as required by the FortiVoice unit in minutes. An extension’s registration timeout setting is overridden by the FortiVoice unit’s extension registration time interval range if it is out of the range.
The default range is 1 - 480.
The start of the range is 1 - 60 and the end of the range is 30 - 1440.
Internal extension registration interval
Enter the registration time interval for the extensions on your subnet as required by the FortiVoice unit in minutes. The default is 30 and the range is 10-480.
Set a proper value for this option. If it is too low, the performance of the FortiVoice unit is compromised due to frequent registration. If it is too high, the connection between the FortiVoice unit and the extension may terminate.
External extension registration interval
Enter the registration time interval for the extensions on other subnets as required by the FortiVoice unit in seconds. The default is 300 and the range is 30-1800.
Set a proper value for this option. The FortiVoice unit requires that external extensions register more frequently with it to keep the connection. However, if the value is set too low, the performance of the FortiVoice unit is compromised due to frequent registration. If it is too high, the connection between the FortiVoice unit and the extension may terminate.
Subscription Interval
If this is a dynamic account with the VoIP provider, enter the subscription interval as required by the VoIP provider. After each subscription interval, the FortiVoice unit renews the subscription of the account with the VoIP provider.
Extension subscription interval range
To keep the extensions’ subscription status with the FortiVoice unit, enter the range of extension subscription time interval as required by the FortiVoice unit in minutes. An extension’s subscription timeout setting is overridden by the FortiVoice unit’s extension subscription time interval range if it is out of the range.
The default range is 1 - 480.
The start of the range is 1-60 and the end of the range is 30 - 2880.
Extension subscription interval
Enter the subscription time interval for the extensions on your subnet as required by the FortiVoice unit in minutes. The default is 30 and the range is 1 - 1440.
Set a proper value for this option. If it is too low, the performance of the FortiVoice unit is compromised due to frequent subscription. If it is too high, the connection between the FortiVoice unit and the extension may terminate.
Security
By default, the FortiVoice unit screens out incoming calls from unauthenticated source. If you want to change this default setting, select Accept unauthenticated incoming call.
SIP session helper
Select if you do not want the FortiVoice unit to apply NAT or other SIP session help features to SIP traffic. With the SIP session helper disabled, the FortiVoice unit can still accept SIP sessions if they are allowed by a security policy, but the FortiVoice unit will not be able to open pinholes or NAT the addresses in the SIP messages.
Internal network type: Identify the internal networks designated for phone calls on the FortiVoice unit. When a call reaches the public IP address of the FortiVoice unit, it will be routed to one of the internal networks.
Note that modifying internal networks terminate ongoing calls.
This option is only available if you select SIP session helper.
User defined: Configure your own internal network designated for phone calls on the FortiVoice unit.
RFC 1918 predefined: Private IPv4 addresses used for internal traffic that does not route via the Internet.
SIP timer T1
Enter the SIP T1 in milliseconds. This is an estimate of the Round Trip Time (RTT) of transactions between a client and server. For example, when a SIP Client attempts to send a request to a SIP Server, the time it takes between sending out the request to the point of getting a response is the SIP T1 timer. By default the timer is set to 500 milliseconds.
The SIP Timer object is used as specific timing attribute to the SIP Signaling object. Use caution when adjusting these timers because undesired outcomes from lengthy SIP retransmits to an increase in traffic across the network may result.
SIP timer B
This is the INVITE transaction timeout timer. It changes based on the SIP timer T1 value.
ICE support
When the FortiFone softclient is located behind a Network Address Translator (NAT) or FortiFone softclients are on different networks (without internetwork routing), configure the interactive connectivity establishment (ICE) support to allow the FortiVoice phone system to establish a valid audio path with the FortiFone softclient.
To configure the ICE support, you have the following two options:
- Static mapping: Uses the internal and external IP addresses of the FortiVoice phone system.
- STUN server: Uses the IP address of a Session Traversal Utilities for NAT (STUN) server.
Decide which option you want to configure for ICE support.
For information about configuring the static mapping, see Configuring the static mapping for ICE support.
For information about configuring the STUN server, see Configuring the STUN server for ICE support.
- Click Apply.
Configuring the static mapping for ICE support
- Go to System > Advanced > SIP.
- Expand Advanced Setting.
- In ICE Support, select Static mapping.
- Click New.
- Make sure that Enabled is selected.
- Enter the internal and external FortiVoice IP addresses used in your deployment.
- Click Create.
Changing the ICE static mapping restarts the voice process and interrupts all ongoing calls. The call system takes a minute to resume service.
- To continue, click Yes.
- Click Apply.
Configuring the STUN server for ICE support
- Go to System > Advanced > SIP.
- Expand Advanced Setting.
- In ICE Support, select STUN server.
- For STUN server, enter the IP address or host name of a Fortinet or third-party STUN server.
- Click Apply.
Configuring the internal ports
System > Advanced > Service lets you configure the FortiVoice unit listening ports for network communications.
To configure internal port setting
- Go to System > Advanced > Service.
- Change the default HTTP and HTTPS port numbers if required.
- Enable TFTP port if required.
TFTP connection is not secure, and can be intercepted by a third party.
- Other ports are predefined and cannot be changed.
- Click Apply.
Configuring external access
System > Advanced > External Access lets you configure the FortiVoice unit external hostname/IP and ports through which it can be accessed by other devices through the internet.
When external extensions connect to the FortiVoice unit, they get the basic PBX configurations including the external access IP and ports through auto provisioning. They can then use the information to register with the FortiVoice unit. For more information, see Configuring SIP phone auto-provisioning.
Extensions are defined as external in extension configuration. For more information, see Configuring IP extensions.
To configure external access
- Go to System > Advanced > External Access and configure the following:
GUI field
Description
SIP server external hostname/IP address
Enter the hostname/IP for your SIP server external access.
SIP External Ports
Enter the external access ports for SIP transport.
WSS (WebSocket Secure) is used to support FortiFone desktop application.
Other service external hostname/IP address
If you have another service for external access, enter the hostname/IP.
Service External Ports
Enter the external access ports for the other service.
- Click Apply.
Configuring SIP phone auto-provisioning
System > Advanced > Auto Provisioning allows the FortiVoice unit to discover the SIP phones on your network and send the configuration files to them.
With auto-provisioning configured, when a supported FortiFone is connected to the network and powered on, it is automatically discovered and receives the configuration file from the FortiVoice unit. The FortiFone will then reboot with the pushed-in configuration file and register with the FortiVoice unit.
The FortiVoice unit can only auto provision the supported FortiFone phones.
To configure auto-provisioning settings
- Go to System > Advanced > Auto Provisioning and configure the following:
GUI field
Description
Auto Provisioning
Enabled
Select to activate the SIP phone auto-provisioning function for auto discovering the phones.
Not assigned phone (Generate default configuration for not assigned Desktop FortiFone)
This option is only available after auto provisioning is enabled.
Select to generate basic phone configuration files for the supported not assigned SIP desk FortiFone phones. For details, see Viewing desk phones.
With this option selected, once a supported FortiFone connects to the FortiVoice unit and is auto-discovered, the FortiVoice unit sends the basic PBX setup information to it for registering with the FortiVoice unit to be assigned an extension.
If you want to upgrade your phone system and keep the current phone configuration, do not select this option. Otherwise your existing phone configuration will be overridden by the upgraded FortiVoice configuration.
Provisioning protocol
Select the protocol for the phones to retrieve the configuration file from the FortiVoice unit.
Server Setting for Phone Configuration
If you use different servers for SIP, NTP, and LDAP, select to configure the Setting of each server for the supported phones. The servers’ port information reflect the FortiVoice unit’s network interfaces. For details, see Configuring the network interfaces.
- SIP server: Select or click Overrideto enter the current public IP address or public domain name of the server. The SIP phones connect to this server to register.
- NTP server: Select or click Override to enter the current public IP address or public domain name of the server. The SIP phones connect to this server to synchronize time.
- LDAP contact: Select or click Override to enter the current public IP address or public domain name of the server. The SIP phones connect to this server to receive phone directories.
- Provisioning server: If you use a specific server to send PBX setup information to the phones, select or click Override to enter the current public IP address or public domain name of the server. The SIP phones connect to this server to receive the full PBX setup information.
Auto Discovery
If phone auto discovery is required, enable SIPPnP multicast function for the connected phones to find the provisioning server contained in its message for the phones.
You can also click the DHCP server link to select or add a server that contains provisioning server information in its message for the phones to look for. For more information, see Configuring DHCP server.
SIPPnP multicast and DHCP server do not conflict although SIPPnP has priority. Phones can retrieve provisioning server information from either of the two.
Other Setting
Secondary account (Enable secondary account for Desktop FortiFone)
In addition to the main account, secondary accounts can be added on the same FortiVoice unit.
When you add a secondary account to your extension, you can set the secondary extension to ring at the same time as your existing extension. However, the secondary extension operates separately. For example, extension 100 sets extension 200 to be a secondary account. When a call comes in to extension 100, both extensions (100 and 200) will ring and you can answer one of them. In the same example, if a call comes into extension 200, only extension 200 will ring.
When you add a secondary account to your extension, make sure that the SIP profile of the main device on the secondary account MUST be the same as the SIP profile of the primary account device. For more information about SIP profiles, see Configuring SIP profiles.
Select this option in order to add a secondary account when configuring extensions. For details, see Advanced.
Administrator PIN to provision phone
Click and enter a global password to be used by an administrator to connect a FortiFone phone to the FortiVoice unit to set mobile extension number. This password is also used by the administrator to override schedules. For details, see Configuring system capacity.
For example, you can press the default Configure Phone feature code *17 (See Modifying feature access codes) on any FortiFone phone that connects to the FortiVoice unit and enter this password. You can then enter an existing extension to set it as the extension of this phone.
Backward support of legacy FortiFone (FON 470/870/360/460/
560) (Obsolescent)If you have legacy FortiFone phones, select this option for backward provisioning support.
TFTP provisioning server contains phone auto provisioning information for the phones.
mDNS multicast address allows the connected phones to find the provisioning server contained in the mDNS multicast server message.
- Click Apply.