trixbox pro behind dual WAN firewall/router

beaudettee
Posts: 57
Member Since:
2007-05-02

Hi All:
Here is my config:
I have a FortiGate FG-100A with a dual WAN connection. I have all port 80 traffic being routed out of WAN 1 (8mb connection) and am trying to get all SIP traffic from my trixbox pro system to route out of WAN 2 (VPN to Fonality over port range TCP 8000-9000, UDP/10445-20000:10445-20000 for remote softphones and SIP). My problem is with Fonality's dynamic DNS. I assume that because all other traffic (including DNS and HTTP) is going out over WAN 1, is the trixbox system setting its external IP address to whichever address it gets via HTTP? If so, is there a way to force their (Fonality) dynamic DNS to a static address of say, my external WAN2 connection?

Any help would be greatly appreciated as I cannot get any of my remote clients to connect.

Thanks.

Eric B



beaudettee
Posts: 57
Member Since:
2007-05-02
simpler question

Anyone know where (destination IP) the trixbox pro boxes go to register (set up VPN, receive dynamic DNS, etc.)? I want to create a static route in my firewall between my trixbox pro box and Fonality to force all traffic over my WAN 2 connection.

Please let me know, and thanks.

E



beaudettee
Posts: 57
Member Since:
2007-05-02
Fortinet Dual WAN firewall/router solved

Solution:
Set up the trixbox Pro system in a separate DMZ and assign a VIP to the box using a static external IP routed to the internal address of the trixbox. I also set up a policy route from the trixbox internal IP to force all traffic out a specific WAN port (my SLA'd WAN 2 port) and policy routes to all internal net legs where my phones reside. On the FG100A policy routes trump static routes.

By doing this NAT worked correctly because of the dedicated external IP.
Ports assigned:
UDP:
9710-65535:9710-65535
5000:5000
1-65535:4569
Services allowed to Box:
HTTP, HTTPS, SIP, SSH, trixbox rtp (includes above ports)

Hope that helps someone else. It was a grueling experience and I could not have done it without the help of the Fortinet support folks and the guys in the FG forum.
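
The routing behaviour described in the solution above, as a small Python model added here for illustration (it is not part of the original post and is not FortiGate configuration). The addresses, interface names, the WAN 1 default route and the first-match ordering of policy routes are assumptions; the model shows why the PBX's traffic left via WAN 1 before the fix, and why the policy routes to the internal phone legs are needed alongside the catch-all route to WAN 2.

```python
import ipaddress as ip

# Constructed addressing (assumptions, not taken from the post)
TRIXBOX = "10.10.10.5"        # PBX placed in the DMZ
PHONES = "192.168.1.0/24"     # internal leg where the phones reside

# Static routes as (destination prefix, egress interface); longest prefix wins.
# Assumption: the default route points at WAN 1.
STATIC = [
    ("0.0.0.0/0", "wan1"),
    ("192.168.1.0/24", "internal"),
    ("10.10.10.0/24", "dmz"),
]

def policy_routes(with_internal_legs):
    """Ordered (source, destination, egress) rules; the first match wins."""
    rules = []
    if with_internal_legs:
        # Must sit above the catch-all, or PBX-to-phone traffic leaves via WAN 2.
        rules.append((TRIXBOX + "/32", PHONES, "internal"))
    rules.append((TRIXBOX + "/32", "0.0.0.0/0", "wan2"))
    return rules

def egress(src, dst, policy):
    """Return the egress interface: policy routes first, then static routes."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for p_src, p_dst, out in policy:
        if s in ip.ip_network(p_src) and d in ip.ip_network(p_dst):
            return out
    matches = [(ip.ip_network(n), out) for n, out in STATIC
               if d in ip.ip_network(n)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

if __name__ == "__main__":
    remote = "198.51.100.20"  # constructed external destination
    print("no policy routes  :", egress(TRIXBOX, remote, []))
    print("catch-all only    :", egress(TRIXBOX, "192.168.1.50", policy_routes(False)))
    print("with internal legs:", egress(TRIXBOX, "192.168.1.50", policy_routes(True)))
    print("PBX to internet   :", egress(TRIXBOX, remote, policy_routes(True)))
```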


