Setting Up FortiVoice Softphones for Desktop and Mobile

Fortinet has a fantastic voice solution.  It is the FortiVoice Enterprise or FVE.  I have many customers that are running it.  One of the things that seems to be very relevant is the remote access via Soft Phones.  Here is an article on setting up the soft phones.

First things first.  You will need to get a license for the Soft Phones.  Below are the part numbers you can use (Note: Check with your Fortinet sales team to ensure this is updated)

FVE-SCLIENT-10
FVE-SCLIENT-100

In my lab, I have a 1000E which will support 1000 extensions.  Check out this datasheet for the enterprise boxes.

On the FortiVoice

You will need to register at the Fortinet Support site and then download the license.

Go to System then Advanced then choose the SIP tab on the top.

1. Make note of the ports you are going to be using.  For the purposes of Softphones, you need to make sure you have the WSS port number.
2. Also, you need to note the RTP ports being used.  In my case 10000 - 30000
3. Ensure the SIP session helper is NOT enabled under Advanced Settings

Now move to the External Access tab.

Here you will need to add the FQDN you FVE will be reachable at.

1. Now you will need to go to your extension or the extension in question.
2. Then choose Edit

You will be able to see the Device Settings section.  Choose the Soft Phone tab.  Now you will have both sip_mobile_default and sip_desktop_default options.  For the desktop profile, you will need to ensure you have wss as the protocol.

Next we need to head to the CLI on the FVE.  You can either do that with SecureCRT, PuTTy or your favorite SSH client, or via the GUI by going to Dashboard then click the console tab on the top.

Once you are on the CLI you will need to add the following lines:

config system sip-setting
   config ice-ip-mapping
       edit 1
           set internal-ipaddr <private ip address on interface or VIP for HA>
           set external-ipaddr <public ip address on router/firewall>
        next
      end
   end

If you do NOT have this cli command, you will know because you will not have audio.  You will see the set up of the call, but then no audio.

Thank you Zainab Bukhari from Fortinet for pointing out the you will need to run another command after entering the CLI info above.

execute reload voiced

On the FortiGate

We need to have a VIP for the FortiVoice system.

Create a service for voice traffic.  As you can see, I am using UDP 10000 - 30000

Here are the ports you need to have open.  For the desktop client, you only need WSS but if you are also going to use mobile then you need to add SIP as well.

Hope this helps