Configuring FortiFone softclient for mobile settings on FortiVoice
Perform the following procedures to configure FortiFone softclient for mobile settings on the FortiVoice phone system:
Prior to starting the configuration, make sure you complete the recipes in Licensing to purchase, register, and upload a FortiFone softclient license. |
Unless otherwise specified, steps in this FortiFone softclient section apply to SIP over TCP, UDP, and TLS. |
- Upload the FortiFone softclient license
- Configure external access settings
- Configure a SIP profile
- Assign the FortiFone softclient to a FortiVoice extension
- Export the FortiVoice server certificate for SIP over TLS
Upload the FortiFone softclient license
Prior to starting the configuration, make sure you upload the FortiFone softclient license to the FortiVoice phone system.
For information about purchasing, registering, and uploading a license, see Licensing.
Configure external access settings
The ports shown are not necessary and the defaults may be used. If you were to need external access, these are the ports you would need to configure in FortiGate as a Virtual IP under Policy & Objects.
- On FortiVoice, go to System > Advanced > External Access.
- Set SIP server external hostname/IP address to the IP address or FQDN of the FortiVoice device and configure using either the default external ports or ports such as the example below:
- Go to System > Advanced > SIP.
- Under Advanced Setting, make sure that SIP session helper is disabled.
Configure a SIP profile
FortiVoice includes a default SIP profile (sip_mobile_fortifone_default). If your deployment uses SIP over TCP, then you can use this default profile, and skip this procedure.
If your deployment requires SIP over UDP or TLS, then you can create a new SIP profile.
- On FortiVoice, go to Phone System > Profile > SIP.
- Click New > Mobile.
- In Name, enter a name for this SIP profile.
- Select a DTMF setting.
- Enable NAT.
- In Transport, select the protocol. If you select TLS, then enable Secure RTP.
- Click Create.
Example for configuring a SIP profile for UDP:
Example for configuring a SIP profile for TLS:
Assign the FortiFone softclient to a FortiVoice extension
- On FortiVoice, go to Extension > Extension > IP Extension and click New.
- Enter a Number.
- Under Device Setting, click the Soft FortiPhone tab.
- In License allocation, specify the value to configure.
- In Android/iOS, leave the default profile (sip_mobile_fortifone_default) or select the profile that you configured in Configure a SIP profile.
- Click Create.
- If your deployment uses SIP over TLS, go to Export the FortiVoice server certificate for SIP over TLS.
If your deployment uses SIP over TCP or UDP, go to Configuring FortiGate for SIP over TCP or UDP.
Export the FortiVoice server certificate for SIP over TLS
- On FortiVoice, go to System > Certificate > Local Certificate.
- In the list, select FortiVoiceSIPServer. This is the default certificate for the SIP service. If you are using a custom certificate, select that one instead of the default.
- Click Download and select Download PKCS12 File.
The PKCS12 Certificate Download dialog opens.
- In Password and Confirm password, enter a password to encrypt the key.
- To download the file, click OK.
- To save the file locally, click OK.
- Take note of the location where you save the file.
- Go to Configuring FortiGate for SIP over TLS.