Fortinet MR1 User's Manual
Contents
1. Configuring network settings for the devices on the Internal network You can configure the PCs and other devices on the internal network to get their network configuration automatically using DHCP If required you can also configure devices on the internal network with static IP addresses on the 172 20 120 0 subnet but outside the range awarded by the FortiGate Voice DHCP server Example static TCP IP configuration IP Address 172 20 120 20 Subnet Mask 255 255 255 0 Default Gateway 172 20 120 10 DNS Server 172 20 120 10 You can also use the same network configuration for the SIP phones on the internal network Configuring the FortiGate Voice PSTN and PBX settings The procedures in this section describe how to configure the FortiGate Voice unit as the PBX for SIP phones on the branch office internal network These procedures describe how to configure many of the FortiGate Voice PSTN and PBX features PSTN features are supported on some FortiGate Voice models The following procedures are included e To configure the fxo1 PSTN interface e To configure basic PBX system and voicemail notification settings To add a VoIP provider e To add a dial plan for dialing the PSTN and the main office To add the extensions that are on the branch office internal network To configure the fxo1 PSTN interface This procedure describes how to configure the FortiGate Voice fxo1 PSTN interface to connect the FortiGate Voice unit to one PSTN phon2. Connecting the FortiGate Voice unit The following procedure describes how to connect the FortiGate Voice unit to the Internet the branch office internal network and the PSTN supported by some FortiGate Voice models To connect the FortiGate Voice unit 1 Use an Ethernet cable to connect the FortiGate Voice wan 1 interface to the device that connects the branch office to the Internet The device could be a cable or DSL modem or other device depending on how the Branch Office connects to the Internet 2 Use Ethernet cables to connect the PCs and FortiFones on the internal network to the FortiGate Voice internal interface switch connectors You can connect up to 8 PCs and FortiFones directly to the FortiGate Voice Internal interface switch connectors To connect more devices add Ethernet switches to your network as required 3 Use an RJ 45 telephone cable to connect the FortiGate Voice fxo1 port to the branch office PSTN phone line supplied by your local telephone service provider Configuring basic FortiGate Voice network and UTM settings The following procedures describe how to configure a FortiGate Voice to provide basic Internet connectivity network services and UTM services for the branch office internal network Network services include configuring the FortiGate Voice to be the DHCP server and DNS server for the internal network As part of the FortiGate Voice network interface configuration you must enable SIP Traffic on
3. FortiGate Voice Version 4 0 MR1 Administration Guide Visit http support fortinet com to register your FortiGate Voice product By registering you can receive product updates technical support and FortiGuard services ART MET UNIFIED THREAT MANAGEMENT SOLUTIONS FortiGate Voice Administration Guide Version 4 0 MR1 1 June 2010 01 410 112851 20100601 Copyright 2010 Fortinet Inc All rights reserved No part of this publication including text examples diagrams or illustrations may be reproduced transmitted or translated in any form or by any means electronic mechanical manual optical or otherwise for any purpose without prior written permission of Fortinet Inc Trademarks Dynamic Threat Prevention System DTPS APSecure FortiASIC FortiBlIOS FortiBridge FortiClient FortiGate FortiGate Unified Threat Management System FortiGuard FortiGuard Antispam FortiGuard Antivirus FortiGuard Intrusion FortiGuard Web FortiLog FortiAnalyzer FortiManager Fortinet FortiOS FortiPartner FortiProtect FortiReporter FortiResponse FortiShield FortiVolP and FortiWiFi are trademarks of Fortinet Inc in the United States and or other countries The names of actual companies and products mentioned herein may be the trademarks of their respective owners Contents Contents Introduction AA 5 Fortinet PROGUCUS oseere anaa aE ae naa eaa Ea aa AEE aapa aie Ea asee arapi Raai 6 Before You bEgini BASTA NA
4. The Fortinet Technical Documentation web site http docs fortinet com provides the most up to date versions of Fortinet publications as well as additional technical documentation such as technical notes In addition to the Fortinet Technical Documentation web site you can find Fortinet technical documentation on the Fortinet Tools and Documentation CD and on the Fortinet Knowledge Center FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 15 http docs fortinet com Feedback Customer service and technical support Fortinet Tools and Documentation CD Many Fortinet publications are available on the Fortinet Tools and Documentation CD shipped with your Fortinet product The documents on this CD are current at shipping time For current versions of Fortinet documentation visit the Fortinet Technical Documentation web site http docs fortinet com Fortinet Knowledge Base The Fortinet Knowledge Base provides additional Fortinet technical documentation such as troubleshooting and how to articles examples FAQs technical notes a glossary and more Visit the Fortinet Knowledge Base at http kb fortinet com Comments on Fortinet technical documentation Please send information about any errors or omissions in this or any Fortinet technical document to techdoc fortinet com Customer service and technical support Fortinet Technical Support provides services designed to make sure that your Forti
5. To configure FortiFones behind a NAT device on a remote network The following steps describe how to configure a FortiFone on the remote network with extension number 6010 1 2 ao a BA QOQ Connect and power on the FortiFone handset Connect to the handset web configuration interface The default web configuration interface address is http 192 168 0 1 To connect to this address from a PC your PC should have an IP address on the 192 168 0 0 subnet for example 192 168 0 10 255 255 255 0 The default Username is root No password is required Go to Network gt LAN Settings and set the P Type to DHCP Client and select Submit Select Save amp Reboot to save the IP addressing change Log into the FortiFone using the IP address it acquired from the DHCP server Go to SIP Settings gt Service Domain and add the following configuration information Active On Display Name The name to be displayed on the phone This name is only displayed on this phone When this phone calls another phone the name displayed is the First Name and Last Name added to the FortiGate Voice Extension configuration User Name 6010 This is actually the Line Number or Extension Number and must match the Extension Number added to the FortiGate Voice Extension configuration for this phone Register Name 6010 The Register Name is used to authenticate the FortiFone and must match the Extension Number added to the FortiGate Voice Extension configuration fo
6. IP address of an email server that the FortiGate Voice unit can send email notifications to when PBX users receive a voicemail For example mail example com You can optionally create an email account on the email server for the FortiGate Voice unit Authentication Select if the email server requires authentication User Name Enter a valid username for an account on the email server Password Enter the password for the account on the email sever 4 Select Apply to save the changes To add a VoIP provider Use the following procedure to add the information required by the FortiGate Voice unit to use a VoIP provider for routing SIP calls on the main office In the example the organization uses a third party VoIP provider to handle VoIP calls between the head office and the branch office 1 Go to PBX gt Service Providers gt SIP Trunk 2 Configure the following settings Name VolP Provider 1 A name for the VoIP provider This can be any name Domain 192 168 20 10 The VoIP provider s IP address This could also be the VoIP providers domain name for example voip example com User Name Enter a valid user name for an account on the VoIP provider s server This could also be a phone number including area code depending on the requirements of the VolP provider Password Enter the password for the account on the VolP provider s SIP sever Authorization User Name Enter a valid authorization user name for an account on the VoIP p
7. Interval 120 seconds DTMF Method auto z Name Enter the name for the VolP provider configuration This can be any name Domain The VolP provider s domain name or IP address For example 172 20 120 11 or voip example com User Name Enter a valid user name for an account on the VolP provider s server This could also be a phone number including area code depending on the requirements of the VolP provider Password Enter the password for the account on the VolP provider s SIP sever Authorization User Name Display User Name Account Type Registration Interval DTMF Method Configuring extensions Enter a valid authorization user name for an account on the VolP provider s server if required by the VolP provider Enter a valid display user name for an account on the VolP provider s server if required by the VolP provider Select Static or Dynamic depending on the account with the VoIP provider If this is a dynamic account with the VoIP provider enter the registration interval as required by the VoIP provider After each registration interval the FortiGate Voice renews the registration of the account with the VoIP provider Select the DTMF method used by the VoIP provider Options are RFC2833 Inband Info and Auto Auto means the VoIP provider s server and the FortiGate Voice unit will negotiate to select a DTMF method You could also select a specific DTMF method if required Extensions provide specific inf
8. No cphone number system default extension Enter the FortiGate Voice extension number the call is No lt extension numbers directed to default comment Enter a description if applicable about the direct inward No comment strings dial configuration default config pbx extension Use this command to add SIP phone extensions to the FortiGate Voice unit Syntax config pbx extension edit extension number set attach enable disable set auto delete enable disable set dialplan lt dialplan_ name gt set email suser emails set email notify user email address gt set first name first name set last name lt surname name gt set nat no yes set secret user password set type conference ivr sip phone set vm secret lt user password set voicemail enable disable set max msg lt max messages allowed gt end Variables Description Default edit Enter the extension number The extension number has to No lt extension number gt match the config pbx global extension pattern default attach Enable the voicemail message as an attachment in an No enable disable email default auto delete Enable to automatically delete voice mail No enable disable default dialplan Enter the dial plan that you want to use for the extension No lt dialplan_ name gt default email user email gt Enter the user s email address No default email notify Enter the email address of the user that will be used when No notifyin
9. PSTN 2 Configure FortiGate Voice unit network and UTM settings The network configuration includes enabling the S P Traffic option on the internal and wan 1 interfaces You must enable SIP traffic on these interfaces to accept and process SIP calls No other special network configuration firewall policies or routing is required for the FortiGate Voice to accept and process SIP calls Note You do not have to add SIP firewall policies to enable SIP traffic for the FortiGate Z Voice unit to function as a PBX Also with PBX functionality enabled you cannot apply FortiGate SIP application control features to SIP traffic received by FortiGate Voice interfaces for which you have enabled the SIP Traffic option This example also describes how to configure the FortiGate Voice as a DHCP server and DNS server for the branch office internal network As a DHCP server the FortiGate Voice can supply network configuration settings for the PCs and FortiFones on the internal network 3 Configure network settings for the PCs on the Internal network 4 Configuring the FortiGate Voice PSTN and PBX settings 18 FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 http docs fortinet com Feedback Example FortiGate Voice branch office configuration Connecting the FortiGate Voice unit 5 Configure the FortiFones on the internal network 6 Configuring the FortiGate Voice unit to SIP phone users behind a remote NAT device
10. are named fxo1 fxo2 and so on To configure the PSTN interfaces go to System gt Network gt PSTN Interface configure settings for the fxo interface and then select OK FortiGate Voice Version 4 0 MR1 Administration Guide 34 01 410 112851 20100601 http docs fortinet com Feedback FortiGate Voice web based manager configuration reference Configuring PSTN interfaces Figure 6 Configuring PSTN interfaces Column Settings Name Phone Number Display Name Catch Caller ID Administrative Status fxol 123 4560 Example Q o Pi fxo2 o Pi fxo3 7 it Pi fxod Q o Edit PSTN Interface Edit Basic Options Name fxo1 Phone Number 123 445650 Display Name example Oo Caller ID Options Catch Caller ID Vv Caller ID Protocol fel Caller ID Indicator Ring C Polarity Ring ooo 1 4 Hang up Options Hang up on Polarity Reversal Hang up on Busy Tone Vv Busy Tone Detection pooo aa Busy Tone Duration 500 milliseconds Busy Tone Interval 500 milliseconds Administrative Status UpO C Down CD Cancel General PSTN interface settings Column Settings Name Phone Number Display Name Administrative Status Catch Caller ID Select to add or remove columns This changes what information appears The name of the PSTN interface The phone number that is associated with that PSTN interface The name that displays on the phone s LCD Status of the PSTN interface A red down arrow indicates that the
11. fictional and follow the documentation guidelines specific to Fortinet The addresses used are from the private IP address ranges defined in RFC 1918 Address Allocation for Private Internets available at http ietf org rfc rfc1918 txt number 1918 Most of the examples in this document use the following IP addressing e P addresses are made up of A B C D A e B e C can be one of 192 172 or 10 the non public addresses covered in RFC 1918 168 or the branch device virtual device number Branch number can be 0xx 1xx 2xx 0 is Head office 1 is remote 2 is other Device or virtual device allows multiple FortiGate units in this address space VDOMs Devices can be from x01 to x99 interface FortiGate units can have up to 40 interfaces potentially more than one on the same subnet D 001 099 physical address ports and non virtual interfaces 100 255 VLANs tunnels aggregate links redundant links vdom links etc usage based addresses this part is determined by what device is doing The following gives 16 reserved 140 users and 100 servers in the subnet 001 009 reserved for networking hardware like routers gateways etc 010 099 DHCP range users 100 109 FortiGate devices typically only use 100 110 199 servers in general see later for details 200 249 static range users 250 255 reserved 255 is broadcast 000 not used The D segment servers can be farther broke
12. group end end Variables Description Default comment Enter a description of the voice menu settings if No lt comment string applicable default config press 0 Use this command when configuring what action each No press 1 press 2 number on the phone s keypad will take default press 3 press 4 For example you want the personnel directory to come up PAA ANA every time someone presses 1 config press 1 a P variable would have the type directory selected in press 7 press 8 type press 9 type directory Enter the type of action that is associated with the specific No none ring group number on the phone s keypad For example the office default voicemail phone directory is heard when a caller presses 0 because config press 0 has directory as its type ring group Enter to include a specific ring group if you have select No ring group in type This variable appears only when default ring group is selected in type config pbx voip provider Use this command to configure the VolP provider for the PBX FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 55 http docs fortinet com Feedback config pbx voip provider FortiGate Voice VoIP PBX and PSTN CLI Reference Syntax config pbx voip provider edit lt provider name gt set user lt user name gt set domain lt VoIP provider address ipv4 gt lt VoIP provider
13. of the active calls being processed by the FortiGate Voice unit extension lt list gt Enter to display the status of all extensions with SIP phones that have connected to the FortiGate Voice unit FortiGate Voice Version 4 0 MR1 Administration Guide 58 01 410 112851 20100601 http docs fortinet com e Feedback FortiGate Voice VolP PBX and PSTN CLI Reference execute pbx Variables Description music on hold Enter to either delete list or upload music on hold files You can delete list upload music on hold files using FTP TFTP or from a USB drive upload plugged into the FortiGate Voice unit prompt upload ftp Upload new pbx voice prompt files using FTP The voice prompt files lt file tgz gt should be added to a tar file and zipped This file would usually have the extension tgz You must include the filename FTP server address domain name of IPv4 address and if required the username and port lt username gt password for the server cftp server address gt password gt prompt upload tftp Upload new pbx voice prompt files using TFTP The voice prompt files lt file tgz gt should be added to a tar file and zipped This file would usually have lt ftp server address gt aia tgz You must include the filename and TFTP server IP port lt username gt i password gt prompt upload usb Upload new pbx voice prompt files from a USB drive plugged into the lt file tgz gt For
14. office configuration Configuring the FortiGate Voice PSTN and PBX settings In addition to PSTN and head office support the dial plan must also support Emergency international toll free and long distance dialing Use the following steps to add a dial plan with the following dial plan rules kh O N Allows the branch office to call the PSTN e Dialing 911 for emergencies e Dialing 9 followed by a country code for international calls e Dialing 9 followed by 18 for toll free calls e Dialing 9 followed by 1 for long distance calls e Dialing 9 for all other PSTN calls Allows the branch office to dial head office extensions directly The dial plan rule sends calls starting with 2 to the VoIP provider where they are routed to the head office This dial plan does not include any other settings because users dial the head office extension number directly without a prefix Go to PBX gt Calling Rules gt Dial Plan and select Create New Add a name for the new dial plan for example Dial Plan 1 Select OK Select Create New to add the dial plan rule for dialing 911 for emergencies Name Emergency Use Default Outgoing Prefix Not selected 9 Phone number Begin with 911 Action Allow Outgoing Selected PSTN fxo1 Select Create New to add the dial plan rule for dialing 9 followed by a country code for international calls Name International Use Default Outgoing Prefix Selected 9 Phone number Begin with 011 Act
15. options available 3 Select the check box beside PBX event Viewing log messages You can view the PBX activities and events from Log4 Report gt Log Access The log messages can be filtered so that you are viewing specific information or you can display them in Raw format Raw format is the format of what a log message actually appears in the log file To view PBX log messages go to Log amp Report gt Log Access and then select the tab associated with the logging device you chose to store logs on For example you want to view PBX log messages from the FortiAnalyzer unit that they are on so you select Log amp Report gt Log Access gt FortiAnalyzer For more information about log messages see the FortiGate Log Message Reference and also the Logging and Reporting in FortiOS 4 0 User Guide Example PBX log messages The following log message indicates that the phone with FortiGate Voice extension number 6005 called 914036085000 and the call was routed to the skype 088adb08 service provider The call was answered and lasted for 1869 seconds 2010 03 12 12 53 27 log_id 0162043782 type event subtype pbx pri information fwver 040000 vd root action PBX call clid 6005 src 6005 dst 914036085000 channel SIP 6005 088a7c08 dstchannel SIP skype 088adb08 duration 1869 start Fri Mar 12 12 22 18 2010 end Fri Mar 12 12 53 27 2010 disposition ANSWERED msg call from 6005 gt 914036085000 ANSWERED for 1869 seconds The following l
16. or region in which you are installing the FortiGate Voice unit FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 http docs fortinet com Feedback 45 PBX configuration FortiGate Voice web based manager configuration reference Voicemail Access Enter the exact pattern that PBX users dial to get their voicemail For example for users to dial 99 to get their voice mail enter 99 Outgoing Prefix The number that PBX users must dial to get an outside line For example if users should dial 9 to get an outside line add 9 to this field The outgoing prefix should not be the same as the first number of the extension range Max Voicemail Select No Limit if you don t want to limit the voice mail duration Otherwise Duration enter a maximum time in seconds for voice mail recordings Voicemail Notification Email Settings SMTP server Enter the email server IP address or domain name The FortiGate Voice unit uses this email server for sending voicemail notification emails to PBX users Authentication Select if the email server requires authentication If you enable authentication you must also add a username and password User Name Enter a valid username for an account on the email server Password Enter the password for the account on the email sever Monitoring calls You can monitor incoming and outgoing calls from PBX gt Monitor gt Active Call You can view information for all active cal
17. the internal and wan1 interfaces so that the FortiGate Voice unit accepts SIP sessions received by these interfaces No other special network configuration firewall policies or routing is required for the FortiGate Voice to accept SIP sessions from configured extensions To configure basic network settings 1 Connect to the FortiGate Voice web based manager 2 Goto System gt Network gt Interface 3 Edit the internal interface and configure the following settings Addressing Mode Manual IP Netmask 172 20 120 10 255 255 255 0 SIP Traffic Select Enable Configure other network interface settings as required and select OK 4 Edit the wan7 interface and configure the following settings FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 19 http docs fortinet com e Feedback Configuring basic FortiGate Voice network and UTM settings Addressing Mode Manual IP Netmask 192 168 10 10 255 255 255 0 SIP Traffic Select Enable Configure other network interface settings as required and select OK depending on the requirements of your ISP In the example the wan interface has a static Note You can also set the Addressing mode to DHCP or PPPoE for the wan1 interface Z IP address 5 Goto System gt Network gt Options 6 Add the IP addresses of the primary and secondary DNS servers used by the branch office provided by your ISP 7 Selected internal for Enable DNS forwarding from so that users on the
18. ANANA 55 cohfig systemi ps NANANA ANAKAN 57 config system interface eee eeeeeeeeeeeeeeeeeeeeeesesseeeeeeeeseeeeeeeeesseeeeseeesseeneees 58 execute PDX maa NAG BANANA NAG aara aaa aaa eaaa NAA AA BAD 58 diagnose PDX restart GA NARIN NANANA ABG E Eba 60 FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 http docs fortinet com e Feedback Introduction Introduction FortiGate Voice units integrate FortiGate UTM functionality with VolP phone PBX functionality Some FortiGate Voice models also support connections to the public switched telephone network PSTN A small office or an enterprise branch office can use a FortiGate Voice unit to provide routing Ethernet switching Internet connectivity UTM security VolP gateway and VolP PBX features for the office FortiGate Voice PBX functionality includes Four Foreign eXchange Office FXO interfaces for connected to up to 4 standard public switch telephone network PSTN phone lines some FortiGate Voice models e Flexible number dial plans e Standard VoIP PBX feature set e Integrated dial back up modem and optional 3G wireless cards e Voicemail e Message notification Unified messaging e Music on hold e Automatic Call Distribution ACD e Basic conferencing e Statistics and logging Figure 1 FortiGate Voice Network connections PT a x ISP IMS P NGN ST VPN Service Provider etc Network SIP Tru
19. BAGNBRASATRASARENESINANA NAAN 6 How this guide is organized 2 1mmaannannna aaa NANANA 6 Docuiment CONVENTIONS aNG NGARAN ANAN BAGAN 9 IP AACPOSSES AYA 9 Example Network Configuration 0 cccceeceeeeeeeeeeeeeeeeenaaeeeeeeeaaeeeeeeeaaaeeeseeeseeeeeeeeaas 11 Cautions Notes and TIPS ANU ANAN KINALKAL SAN AN 12 Typographical conventions a aaanaawwawananaaaaanaaanaaaanansasanasnnasasasnnnaasssssrsaassssarana 13 CLI command syntax CONVENTIONS mmmaaaaawanananawwwaaaanawawawaanaananawanannasansaaassssannanans 13 Registering your Fortinet product nenne 15 Fortinet products End User License Agreement 15 TFaINING 7 MANIA Satna A E A DE E E a 15 Documentation 2X GAGANA 15 Fortinet Tools and Documentation CD 000 0 anannnwwawawannawaawawaanannanawaanannsannaassssssrnanans 16 Fortinet Knowledge Base icici contended AA anes noe 16 Comments on Fortinet technical documentation cceceeeeecceeeeeeeenteeeeeeenteeeeeeeeaas 16 Customer service and technical SUPPoOTt s eeeeeee eee ee eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeenes 16 Example FortiGate Voice branch office configuration 17 General configuration steps a 18 Connecting the FortiGate Voice unit 19 Configuring basic FortiGate Voice network and UTM settings 2 2masnaaan 19 Configuring network settings for the devices on the Internal netwo
20. Gate 5005FA2 Port1 10 21 101 102 FortiGate 5005FA2 Portt 10 21 101 103 Wa I I Port4 FortiGate 3810A 10 22 101 100 Port1 10 21 101 160 FortiSwitch 5003A Port1 10 21 101 161 FortiManager 3000B a7 FortiGate 5050SM Port1 10 21 101 104 FortiGate 5050SM l l l Bt a al Linux PC Port1 10 22 101 104 10 21 101 10 FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 11 http docs fortinet com Feedback Document conventions Cautions Notes and Tips Fortinet technical documentation uses the following guidance and styles for cautions notes and tips Caution Warns you about commands or procedures that could have unexpected or undesirable results including loss of data or damage to equipment Note Presents useful information but usually focused on an alternative optional method such as a shortcut to perform a step G Tip Highlights useful additional information often tailored to your workplace activity FortiGate Voice Version 4 0 MR1 Administration Guide 12 01 410 112851 20100601 http docs fortinet com Feedback Document conventions Typographical conventions Fortinet documentation uses the following typographical conventions Table 2 Typographical conventions in Fortinet technical documentation Convention Example Button menu text box field or check box label From Minimum log level
21. Use the following procedure to configure PBX system settings and voicemail notification email settings that affect the overall performance of the PBX service and all of the users of it Usually you would configure these settings once and rarely thereafter 1 Goto PBX gt Calling Rules gt Setting 2 Configure the following settings 6XXX The example extension range means that every extension added to the FortiGate Voice unit must have an extension that begins with the number 6 and includes three more numbers Extension Range Country Code Enter the international country calling code for the country or region in which you are installing the FortiGate Voice unit Local Area Code Enter the local area code for the country or region in which you are installing the FortiGate Voice unit Voicemail Access 97 Phone users on the internal network can dial 97 to get their voicemail Outgoing Prefix 9 Phone users must dial 9 to get an outside line The outgoing prefix should not be the same as the first number of the extension range 60 seconds Limits a single voicemail message to 60 seconds Max Voicemail Duration 3 Configure the voicemail notification email settings FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 http docs fortinet com e Feedback 23 Configuring the FortiGate Voice PSTN and PBX settings Example FortiGate Voice branch office configuration SMTP Server The name or
22. ailable the FortiGuard page lists new version information for the FortiGate services and definitions The system dashboard license information widget also displays new dates and version numbers for the FortiGuard definitions Messages are recorded to the event log indicating whether the update was successful or not To configure basic Internet access and UTM features This procedure describes how to add a firewall policy that allows users on the internal network to connect to the Internet The firewall policy includes the scan protection profile to apply UTM features in this case virus scanning to this traffic This configuration is not required for VoIP support It just provides users on the internal network with UTM protected access to the Internet 1 Goto Firewall gt Policy and select Create New to add a new firewall policy 2 Configure the following settings Source Interface Zone internal Source Address all Destination Interface Zone want Destination Address all Schedule always Service ANY Action ACCEPT 3 Select Protection Profile and select the scan protection profile to apply UTM virus scanning to the traffic accepted by the firewall policy 4 Select OK to save the firewall policy FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 21 http docs fortinet com e Feedback Configuring network settings for the devices on the Internal network Example FortiGate Voice branch office configuration
23. ch as a default T company name that identifies the branch office cid number Enter the phone number of the PSTN phone line as No caller name gt provided by your phone service provider default status Enable the status of the port No enable disable default user callerid Enable to catch the caller ID No enable disable default cid signalling bell Enter the caller ID protocol The protocol v23 jp is the v23 No dtmf v23 protocol for Japan default v23 jp cid start Enter to start transmitting the caller ID No polarity ring default send callerid after Enter a number for the number of rings after that the caller No lt integer gt ID began to transmit default hangup on polarity Enter to have the phone hang up when there is polarity No reversal reversal default hangup on zero Enter to have the phone hang up when there is zero No voltage voltage default hangup on busy tone Enter to have the phone hang up when a busy tone is No detected default busycount lt integer gt Entera number for the accurate number of busy tones that No are detected default FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 http docs fortinet com e Feedback 57 config system interface FortiGate Voice VoIP PBX and PSTN CLI Reference Variables Description Default busy tone length Enter a number that determines how logn the busy tone is No lt integer gt on default bus
24. criptive name for the dial plan rule Select this checkbox if the dial plan rule should use the default outgoing prefix usually 9 If you clear the Use Default Outgoing Prefix checkbox you can enter a different outgoing prefix for this dial plan Enter the leading digits of the phone number that this dial plan rule should match with For example a dial plan rule for toll free numbers in North America should begin with 18 The FortiGate Voice uses a best match to match a dialed number with a dial plan So each dial plan should have a different Phone number Begin with setting But you should plan your dial plan to make sure that unexpected matches do not occur FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 http docs fortinet com Feedback 41 PBX configuration FortiGate Voice web based manager configuration reference Prepend Add digits that should be prepended or added to the beginning of the dialed number before the call is forwarded to its destination You can prepend digits at the beginning of a call of special dialing is required to reach and external phone system Action Set the action to Allow if this dial plan rule should allow a call Set the action to Block if the dial plan should block a call For example if you want to block international calls you could set the Phone Number begin with to 011 and set the action to block O
25. default rfc2833 codec alaw g729 Enter the most preferred Codec for the VolP provider ulaw Jnone ulaw codecl alaw 9729 Enter the second most preferred Codec for the VolP none none ulaw provider codec2 alaw g729 Enter the third most preferred Codec for the VolP none none ulaw provider 56 FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 http docs fortinet com Feedback FortiGate Voice VoIP PBX and PSTN CLI Reference contig system pstn config system pstn Use this command to configure the PSTN interfaces PSTN interfaces are available on some FortiGate Voice models Syntax config system pstn edit xfxo name gt set cid name lt caller name gt set cid number caller name gt set status enable disable set user callerid enable disable set cid signalling bell dtmf v23 v23 jp set Cid start polarity ring set send callerid after lt integer gt set hangup on polarity reversal set hangup on zero voltage set hangup on busy tone set busycount lt integer gt set busy tone length lt integer gt set busy quiet length lt integer gt set codec alaw ulaw end Variables Description Default edit lt fxo name gt Enter the name of the FXO No default cid name This name is used for caller ID for calls from the FortiGate No lt caller name gt Voice unit to the PSTN It can be any name su
26. dialing configuration From the CLI you can use the cid number option of the config pbx did command to specify the number called from an external line that is re directed to the selected extension Use this option if the extension number cannot be matched with the external number In the following example DID sends calls received on the fxo1 PSTN interface that end with 5555 to extension 1234 config pbx did edit did_example set external line fxol set cid number 5555 set extension 1234 FortiGate Voice Version 4 0 MR1 Administration Guide 44 01 410 112851 20100601 http docs fortinet com Feedback FortiGate Voice web based manager configuration reference PBX configuration end end Configuring PBX settings Configure PBX system settings that affect the overall performance of the PBX service and all of the users of it Settings include the extension pattern for the PBX the outgoing dial prefix and the email server to use for sending voicemail notification email messages Usually you would configure these settings once and rarely thereafter To configure PBX settings group go to PBX gt Calling Rules gt Setting make configuration changes as required and then select Apply Figure 12 Configuring PBX settings PBX Global Setting Extension Range Country Code Local Area Code Voicemail Access Outgoing Prefix Max Voicemail Duration PBX Settings xxx qc oa 408 g7 oC TU No Limit Jeo second
27. domain gt set secret lt password gt set authuser lt authuser gt set display name lt display name gt set reigstration interval lt refresh_interval gt set account type static dynamic Set port port provider gt set dtmf method auto inband info rfc2833 set codec alaw g729 none ulaw set codecl alaw g729 none ulaw set codec2 alaw g729 none ulaw end Variables Description Default edit lt provider name gt Enter the VoIP provider s name No default user lt user name gt Enter the user name for the provider You can enter No the phone number registered with this provider default instead secret lt password gt Enter the password associated with the provider No default domain The VoIP provider s domain name or IP address For No lt VoIP provider address example 172 20 120 11 or voip example com default _ipv4 gt lt VoIP provider domain gt authuser lt authuser gt Enter the authentication user for the account No default display name Enter the name that will be used as the caller ID name No lt display name gt if the provider supports this feature default reigstration interval Enter a number for the refresh interval No refresh interval default account type Enter to define the type of account No static dynamic default port sport provider Enter the port that the provider will be using No default dtmf method auto Enter the DTMF method that will be used No inband info
28. e Enable Select Type Regular IP Range 172 20 120 110 172 20 120 210 Network Mask 255 255 255 0 Default Gateway 172 20 120 10 20 FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 http docs fortinet com e Feedback Example FortiGate Voice branch office configuration Example FortiGate Voice branch office configuration Configuring basic FortiGate Voice network and UTM settings Advanced Select DNS Server 1 172 20 120 10 4 Change other settings if required and select OK To configure FortiGuard services for the FortiGate Voice unit Use the following procedure to configure the FortiGate Voice unit to connect to the FortiGuard Distribution Network FDN to update the antivirus antispam and IPS attack definitions Before you can begin receiving updates you must register the FortiGate Voice unit from the Fortinet Support web site For more information see Registering your Fortinet product on page 15 1 Goto System gt Maintenance gt FortiGuard 2 Select the expand arrow for AntiVirus and IPS Options to expand the options 3 Select Update Now to update the FortiGuard services and definitions If the connection to the FDN is successful the web based manager displays a message similar to the following Your update request has been sent Your database will be updated in a few minutes Please check your update page for the status of the update After a few minutes if an update is av
29. e line If you have more PSTN phone lines you can connect and configure more fxo interfaces Skip this procedure if your FortiGate Voice unit does not include PSTN interfaces 1 Goto System gt Network gt PSTN Interface and edit the fxo1 interface 2 Configure the following settings Phone Number Enter the phone number of the PSTN phone line as provided by your phone service provider The phone number is used for caller ID for calls from the FortiGate Voice unit to the PSTN It can be any number but is usually the actual phone number of the PSTN line connected to the fxo1 interface Area code and country codes are optional Display Name This name is used for caller ID for calls from the FortiGate Voice unit to the PSTN It can be any name such as a company name that identifies the branch office Caller ID Options Configure the following options to seen caller ID functions for calls from the internal network to the PSTN Catch Caller ID Select to enable the FortiGate Voice unit to receive caller ID information from calls originating on the PSTN and send the caller ID information to the extension that answers the call 22 FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 http docs fortinet com e Feedback Example FortiGate Voice branch office configuration Configuring the FortiGate Voice PSTN and PBX settings Caller ID Protocol Caller ID Indicator Ring Hang up Options Hang up on Po
30. e unit for the IP phones that are to be connected to the internal network You add identifying information to each extension entry The IP phone must be configured with identifying information that matches an entry in the extension list in order to get an extension from the FortiGate Voice unit Extension numbers are independent of the IP address of the IP phone 1 Goto PBX gt Extension gt Extension and select Create New 2 Configure the following settings to add extension 6001 Extension 6001 Type SIP Phone First Name The first name assigned to this extension Usually a person s first name Last Name The last name assigned to this extension Usually a person s last name When this extension calls another phone the caller ID displayed on the called phone consists of the extension First Name followed by the Last Name Email The email address of the person assigned to this extension The FortiGate Voice unit sends voicemail notifications for the extension to this email address 26 FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 http docs fortinet com e Feedback Example FortiGate Voice branch office configuration Example FortiGate Voice branch office configuration Configuring the FortiFones on the internal network Password Dial Plan Voicemail Voicemail Password Email Notification Email Attachment Auto Delete Maximum Message The SIP phone user password for the phone a
31. ehind a NAT device The following procedure describes adding the extension from the FortiGate Voice CLI because you must use the CLI to enable NAT You could add the extension from the web based manager and then edit the extension from the CLI to enable NAT The following configuration is the same whether the phone is behind a NAT device on the internal network or on a remote network 1 Connect to the FortiGate CLI 2 Enter the following command to add extension 6010 The command includes setting nat to yes to enable NAT config pbx extension edit 6010 set first name lt first name str set last name xlast name str5 set email semail str 28 FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 http docs fortinet com e Feedback Example FortiGate Voice branch office configuration Adding extensions and configuring FortiFones for users behind a NAT device set secret lt password str set dialplan Dial Plan 1 set vm secret lt voicemail password str set email notify enable set attach enable set nat yes end To configure FortiFones behind a NAT device on the internal network The configuration for FortiFones behind a NAT device on the internal network is the same as for FortiFones directly on the Internal network See To configure FortiFones on the internal network on page 27 You may have to configure the NAT device to allow SIP sessions between the FortiFone and the FortiGate Voice unit
32. et messages left by callers and to program the IVR system and record a new voice mail message for the system Conference to configure a conference bridge For the Conference extension you can add an extension number and a password PBX users can call this extension number and enter the password to join a conference call The name of the extension The dial plan that will be used for that extension Extension configuration settings Extension Type First Name Last Name Email Password Dial Plan Voicemail Enter the extension number Select the type of extension You can choose from SIP Phone IVR or Conference Enter the first name of the person that will be using this extension Enter the surname of the person that will be using this extension Enter the email address of the person that will be using this extension Enter the password of that accesses the email address Select the dial plan that will be used with this extension from the drop down list Select if you want to have voicemail available for this extension 38 FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 http docs fortinet com Feedback FortiGate Voice web based manager configuration reference PBX configuration Voicemail Password Email Notification Email Attachment Auto Delete Maximum Message Enter a voicemail password for accessing the voicemail Select to have an email sent to the email addre
33. f digits The extension range can only contain numbers and the letter X If you add numbers to the extension range all extensions added to this FortiGate Voice unit must include the same numbers in the same location in the extension number For example if you include a 6 as the first digit all extensions added this FortiGate Voice unit must begin with the number 6 e The Xs indicate the number of digits in addition to the required number that each extension must have For example 6XXX indicates the extensions must start with the number 6 and be followed by any three numbers Usually you would add one or two numbers to the start of the extension range to identify the extensions for this PBX and follow this with enough Xs to be able to add the required number of extensions The extension range should not begin with the same number as the outgoing prefix local area code Enter the local area code for the country or region in which 408 lt code string gt you are installing the FortiGate Voice unit max voicemail Limit the length of voicemail messages in seconds Set to 60 max length seconds 0 for no limit outgoing prefix The number that PBX users must dial to get an outside 9 lt pattern str gt line For example if users should dial 9 to get an outside line add 9 to this field The outgoing prefix should not be the same as the first number of the extension range ring timeout The number of seconds that an extension shou
34. g them that they have a voicemail message default lt user email address gt FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 http docs fortinet com e Feedback 51 config pbx global FortiGate Voice VolP PBX and PSTN CLI Reference Variables Description Default first name Enter the person s first name No cfirst name gt default last name Enter the surname of the person No surname names default nat no yes Enter to indicate that the phone is behind a NAT device No default secret Enter the user s password for voicemail No lt user password default type conference Enter the type of extension to configure sip ivr sip phone sip phone to configure a SIP phone extension phone ivr to add an interactive voice response IVR configuration Use this setting to customize the welcome message when a external caller calls the system Create the IVR and then call the extension number to customize the welcome message An ivr extension only requires an extension number and a secret conference to add a conference bridge Multiple users can call the conference bridge extension number enter the secret and have a conference call A conference bridge only requires an extension number and a secret vm secret Enter the user s password for accessing their voicemail No lt user_ password gt inbox default voicemail Enable the extension
35. he FortiGate n a n a 172 20 120 195 10 FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 http docs fortinet com e Feedback Document conventions Example Network configuration The network configuration shown in Figure 2 or variations on it is used for many of the examples in this document In this example the 172 20 120 0 network is equivalent to the Internet The network consists of a head office and two branch offices Figure 2 Example network configuration Head office WLAN 10 12 101 100 N SSID example com gt Password supermarine DHCP range 10 12 101 200 249 FortiMail 100C Port1 10 11 101 110 Internal Network FortiAnalyzer 100B l l l l l j l FortiWiFi 80CM g Windows PC INT 10 11 101 101 10 11 101 10 Port2 10 11 101 130 Linux PC A 10 11 101 20 l FortiGate 82C Port2 10 11 101 102 on l 820 Po Port2 10 11 101 100 EA P l __ a gt FH vv FortiGate 620B i Cluster Port1 172 20 120 130 Port1 172 20 120 141 sniffer mode Port2 and Port3 Port8 lt Linksys SRW2008 a A Old Lab mirror of Port2 and Port3 41 Port5 Port1 Branch office WAN1 172 20 120 122 Internal 10 31 101 100 Internet Windows PC 10 31 101 10 WAN1 172 20 120 131 Le ee ee ee zi FortiGate 51B Branch office Port1 10 21 101 101 Engineering Network Port1 10 21 101 102 Forti
36. hone users to dial 3 to access the FortiGate Voice PBX directory Phone users can use the directory to call an extension by using the number keys on their phone to spell out the First Name or Last Name of an extension to connect with that extension 30 FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 http docs fortinet com e Feedback Example FortiGate Voice branch office configuration Adding a shortcut for checking voicemail To provide access to the company directory from any extension 1 Log into the FortiGate Voice web based manager 2 Goto PBX gt Calling Rules gt Voice Menu 3 Select the Edit icon for Key 3 You can select any available key but this example uses 3 4 Set Action to Go to Company Directory and select OK Adding a shortcut for checking voicemail Use the following procedure to allow phone users to dial 7 to access their voicemail To provide access to the company directory form any extension 1 Log into the FortiGate Voice web based manager 2 Goto PBX gt Call gt Voice Menu 3 Select the Edit icon for Key 7 You can select any available key but this example uses 7 4 Set Action to Check Voicemail and select OK Checking voicemail Once users connect to their voicemail using the Voicemail Access number configured from PBX gt Calling Rules gt Setting or by pressing the configured voicemail key they can follow the prompts to listen to store and delete messages Users can al
37. iagnose command to restart the FortiGate Voice PBX daemon diagnose pbx restart FortiGate Voice Version 4 0 MR1 Administration Guide 60 01 410 112851 20100601 http docs fortinet com e Feedback
38. ider FortiGate Voice Version 4 0 MR1 Administration Guide 40 01 410 112851 20100601 http docs fortinet com e Feedback FortiGate Voice web based manager configuration reference PBX configuration Figure 10 Configuring a dial plan Name mpany default of Entries Comments default dial plan company default default dial plan Comments maximum 63 characters emergency international tollfree longdistance Others ARI Qutgoing Prefix Phone NO Begin with Outgoing Action 911 Allow i 9 011 Block im 2 9 18 Allow o 4 9 1 Block qd a Dh Edit Dial Plan Rule Name Tollfree KP Use Default Outgoing Prefix 9 Phone number Begin with fis Prepend Action Allow Outgoing Available Selected PSTN fxol Z PSTN fx02 PSTN fx03 PSTN fxo4 E Lk Canal Go to PBX gt Calling Rules gt Dial Plan to add a dial plan General dial plan list settings Create New Name of Entries Comments Select to configure a dial plan You can add multiple dial plans and assign them to different extensions For example you might want to have a dial plan that allows long distance calls and a dial plan that does not The name of the dial plan The number of entries in each dial plan An optional description of the dial plan Dial plan rule configuration settings Name Use Default Outgoing Prefix 9 Outgoing Prefix Phone number Begin with Enter a des
39. ing for the VoIP provider and the Head Office SIP configuration are not described FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 http docs fortinet com Feedback 17 General configuration steps Example FortiGate Voice branch office configuration Figure 3 Example Branch Office network configuration Extension Range 6000 6999 Branch Office Internal network Remote Users PCs with SIP soft phones kar FortiFones or and FortiFones SIP soft phones Subnet 172 20 120 0 p gt Extension range i 6000 6999 z P Remote kg 7 FortiGate unit PSTN in NAT mode z external ms 192 168 40 10 FortiFone f A SIP Trunking Al E LAN _ internal gp J WAN ng MIS FortiFone 172 20 120 10 192 168 10 10 Head Office B7 215 FortiGate Voice 80C IP 192 168 30 10 3 Extention Range 2000 2999 a GP y a he VoIP Provider FortiFone NAT device IP 192 168 20 10 behind a NAT device This section describes General configuration steps Connecting the FortiGate Voice unit Configuring basic FortiGate Voice network and UTM settings Configuring network settings for the devices on the Internal network Configuring the FortiGate Voice PSTN and PBX settings Configuring the FortiFones on the internal network Adding extensions and configuring FortiFones for users behind a NAT device General configuration steps 1 Connect the FortiGate Voice unit to the Internet the internal network and the
40. interface is down a green up arrow indicates that the interface is up If enabled a green checkmark appears If Catch Caller ID is disabled a gray X appears PSTN interface configuration settings Basic Options Name Phone Number Display Name Caller ID Options The basic options for the interface The name of the PSTN interface Enter the phone number of the PSTN phone line as provided by your phone service provider The phone number is used for caller ID for calls from the FortiGate Voice unit to the PSTN It can be any number but is usually the actual phone number of the PSTN line connected to the fxo1 interface Area code and country codes are optional This name is used for caller ID for calls from the FortiGate Voice unit to the PSTN It can be any name such as a company name that identifies the branch office Configure the following options to support caller ID functions for calls from the internal network to the PSTN FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 http docs fortinet com Feedback 35 PBX configuration FortiGate Voice web based manager configuration reference Catch Caller ID Caller ID Protocol Caller ID Indicator Ring Hang up Options Hang up on Polarity Reversal Hang up on Busy Tone Busy Tone Detection Busy Tone Duration Busy Tone Interval Administrative Status PBX configuration Select to enable the FortiGate Voice u
41. internal network can use the FortiGate Voice internal interface as their DNS server IP address The procedure To configure the FortiGate Voice to be a DHCP server for the internal network on page 20 describes how to configure the FortiGate DHCP server to configure PCs on the internal network to use the FortiGate Voice internal interface as a DNS server 8 Select Apply 9 Goto Router gt Static gt Static Route 10 Edit the default static route and configure the following settings Destination IP Mask 0 0 0 0 0 0 0 0 Device wan1 Gateway Enter the IP address of the default gateway provided by your ISP Distance 10 11 Select OK To configure the FortiGate Voice to be a DHCP server for the internal network Use this procedure to add a new DHCP server for the internal network or to change the configuration of the default FortiGateVoice DHCP server The DHCP server will give PCs on the Internal network IP addresses in the range 172 20 120 110 to 172 20 120 210 and set their default gateway and DNS server to the IP address of the FortiGate Voice internal interface 1 Go to System gt DHCP gt Service and select the expand arrow for the internal interface 2 Select the Add DHCP Server icon for the internal interface If a DHCP server has already been added for the internal interface select the Edit icon to change its configuration 3 Configure the following settings Name Add a name for the DHCP server if you are adding a new on
42. ion Block Select Create New to add the dial plan rule for dialing 9 followed by 18 for toll free calls Name Toll Free Use Default Outgoing Prefix Selected 9 Phone number Begin with 18 Action Allow Outgoing Selected PSTN fxo1 Select Create New to add the dial plan rule for dialing 9 followed by 1 for long distance calls FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 25 http docs fortinet com e Feedback Configuring the FortiGate Voice PSTN and PBX settings Name Long_Distance Use Default Outgoing Prefix Selected 9 Phone number Begin with 1 Action Allow Outgoing Selected PSTN fxo2 8 Select Create New to add the dial plan rule for dialing 9 for all other PSTN calls Name Other_PSTN_Numbers Use Default Outgoing Prefix Selected 9 Action Allow Outgoing Selected Move PSTN fxo7 to the Selected list to send calls to the PSTN out the fxo1 interface 9 Select Create New to add the dial plan rule for dialing the Head Office Name Head_Office_Dial_Rule Use Default Outgoing Prefix Deselect 9 Phone number Begin with 2 ia that outgoing calls to the Head Office must start with a Action Allow Outgoing Move VolP VolP Provider 1 to the Selected list to send calls to the PSTN out the fxo1 interface 10 Select OK To add the extensions that are on the branch office internal network Use the following steps to add extensions to the FortiGate Voic
43. its destination You can prepend digits at the beginning of a call of special dialing is required to reach and external phone system use global Select yes if the dial plan rule should use the default yes outgoing prefix no Outgoing prefix usually 9 Select no to add a different yes outgoing prefix config pbx did Use this command to configure Direct Inward Dialing DID DID allows calls from external phone systems to dial directly to extensions added to the FortiGate Voice unit Syntax config pbx did edit lt pbx did name gt set external line fxol fxo2 fxo3 fx04 voip providers set cid number sphone number set extension extension number set comment comment strings end FortiGate Voice Version 4 0 MR1 Administration Guide 50 01 410 112851 20100601 http docs fortinet com Feedback FortiGate Voice VoIP PBX and PSTN CLI Reference contig pbx extension Variables Description Default edit lt pbx did name gt Enter the name for the Direct Inward Dial No default external line fxol Select one external system that can dial directly to an No fxo2 fxo3 fx04 extension fxol fxo2 fxo3 and fx04 are the 4 PSTN default interfaces lt voip providers are the VoIP providers svotp providers added to the FortiGate Voice cid number Enter the phone number dialed by a caller on the external
44. ive calls from the PSTN VoIP PBX services for FortiFones and SIP soft phones connected to the branch office internal network PBX features include Extensions to the FortiFones and SIP soft phones in the internal network The branch office phones use numeric extensions beginning with the number 6 and including three more digits Example valid extensions are 6123 6456 and 6899 e Extensions for phones behind NAT devices on the internal network e Extensions for phones behind NAT devices on a remote network e To collect voicemail the branch office phones dial 97 e SIP trunking to a VoIP provider for calling the head office e To call a phone number on the PSTN the branch office phones dial 9 followed by the phone number PSTN support will also include e Dialing 911 for emergencies Support for dialing international calls e Support for dialing toll free calls Support for long distance calls e The FortiGate Voice unit sends email notifications to users when they receive voicemail To call the head office the branch office phones dial a head office extension directly The head office extension range is 2000 2999 This configuration example describes configuring the FortiGate Voice 80C unit to support these services and where required also provides configuration steps for other devices such as the FortiFones and the remote FortiGate unit operating in NAT mode Details about the PSTN connection requirements SIP trunk
45. k gt A dotted decimal IPv4 address and CIDR notation netmask separated by a slash such as such as 192 168 1 99 24 e lt xxx_ipv6 gt Acolon delimited hexadecimal IPv6 address such as 3f2e 6a8b 78a3 0d82 1725 6a2f 0370 6234 e lt xxx_v mask gt An IPv6 netmask such as 96 e xxx ipvbmasks An IPv6 address and netmask separated by a space e lt xxx_str gt A string of characters that is not another data type such as P ssw0 rd Strings containing spaces or special characters must be surrounded in quotes or use escape sequences e exxx into An integer number that is not another data type such as 15 for the number of minutes Curly braces A word or series of words that is constrained to a set of options delimited by either vertical bars or spaces You must enter at least one of the options unless the set of options is surrounded by square brackets FortiGate Voice Version 4 0 MR1 Administration Guide 14 01 410 112851 20100601 http docs fortinet com Feedback Registering your Fortinet product Table 3 Command syntax notation Continued Convention Description Options Mutually exclusive options For example delimited by enable disable vertical bars indicates that you must enter either enable or disable but must not enter both Options Non mutually exclusive options For example delimited by http https ping snmp ssh telnet spaces indicates that you may enter all
46. larity Reversal Hang up on Busy Tone Busy Tone Detection Busy Tone Duration Busy Tone Interval Administrative Status Select the caller ID protocol required by PSTN line that the fxo interface is connected to Contact your service provider for the name of the protocol to use Select the caller ID indicator required by the PSTN line Contact your service provider for details Set the number of rings to wait before receiving caller ID information In most cases enter 1 to send caller ID information between the first and second ring Contact your service provider for details Configure the following options to configure how the FortiGate Voice unit hangs up calls from the PSTN Select if the PSTN line uses polarity reversal to indicate a call has been hung up Contact your service provider for details Select if you want the FortiGate Voice unit to hang up automatically when it receives a busy tone when attempting to dial a number on the PSTN The number of busy tones that the FortiGate Voice receives before hanging up if Hang up on Busy Tone is selected Tune the FortiGate Voice unit to accurately detect busy tones on this PSTN line You can change the default settings if busy tones are not accurately detected Set to Up if the fxo interface is connected to the PSTN and you want to be able to receive and send calls on this PSTN interface 3 Select OK To configure basic PBX system and voicemail notification settings
47. ld be 20 lt time int gt allowed to ring before going to voicemail rtp hold timeout The amount of time in seconds that the extension will wait 0 lt time int gt on hold for RTP packets before hanging up the call 0 means no time limit rtp timeout The amount of time in seconds during an active call that 60 time int gt the extension will wait for RTP packets before hanging up the call O means no time limit voicemail extension Enter the voicemail extension number that a user will use No lt access number gt to access their voicemail inbox default config pbx ringgrp Use this command to add and configure the extension groups An extension group here is referred to a ring group and is a group of extensions that can be called using one number You can configure the ring group to call all of the extensions in the group at the same time or to call the extensions one at a time until someone answers S Note The order in which the members are added to the ring group does not match the order in which the FortiGate Voice unit calls them FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 http docs fortinet com e Feedback 53 config pbx smtp FortiGate Voice VoIP PBX and PSTN CLI Reference Syntax config pbx ringgrp edit sring group name gt set description description str set member lt acd_ group member set no answer action hangup ivr voicemail set strategy ring all
48. ls including the originator of the call From the destination of the call To how long the call has been active Duration the codec used for transmitting voice packets and the status of the call Monitoring SIP Trunk status You can monitor status of the external SIP trunks or VoIP service providers that you have added to the FortiGate Voice configuration To monitor SIP trunk or VoIP service provider status go to PBX gt Monitor gt SIP Trunk Status For each service provider you can see the name of the service provider the host name of the SIP server that the FortiGate Voice unit connects to the account type the username for the account and the state of the relationship between the FortiGate Voice unit and the service provide If status is Registered the FortiGate Voice unit is able to connect to and register with the service provider Figure 13 Monitoring VoIP provider status j lq 4 fi 1 gt dl Column Settings Clear All Filters Y Name w Y Host Y AccountType Y User Y State isip sip2 isip iphone com Dynamic 200018 Registered Jun PBX 172 30 64 9 Static 5016 N A skype sip skype com Dynamic 99051000001928 Registered vonage sphone vopr vonage net Dynamic 14086892073 Registered Monitoring the status of PBX extensions You can monitor the status of the extensions added to the FortiGate Voice configuration Status information includes the extension number and the Host name or IP address of the extension as registered with
49. m you add dial plan rules that define the extra digits that extension users must dial to call out of the PBX The rules also control how the FortiGate Voice unit handles these calls including whether to block or allow the call the destinations the calls are routed to and whether to add digits to the beginning of the dialed number called prepending For example if PBX users should be able to dial 911 for emergencies you should include a dial plan rule that sends all calls that begin with 911 to an external phone system This rule should also override the default outgoing prefix so that users can dial 911 without having to dial 9 first You can also use dial plan rules to block some calls For example if you want to block extensions from making international calls you can add dial plan rule that blocks calls that start with the default outgoing prefix followed by 011 When the FortiGate Voice unit receives a call from an extension that does not match the FortiGate Voice unit s extension range the call is processed according to the dial plan added to the extension If the extension does not have a dial plan the call is blocked To process the call the FortiGate Voice unit selects the dial plan rule that best matches the dialed numbers and processes the call using the settings in the dial plan rule For example the emergency dial plan rule could route calls out a local PSTN line if your FortiGate Voice unit includes them or to a remote VolP prov
50. n down into e 110 119 Email servers e 120 129 Web servers e 130 139 Syslog servers 140 149 Authentication RADIUS LDAP TACACS FSAE etc e 150 159 VoIP SIP servers managers e 160 169 FortiAnalyzers 170 179 FortiManagers e 180 189 Other Fortinet products FortiScan FortiDB etc e 190 199 Other non Fortinet servers NAS SQL DNS DDNS etc Fortinet products non FortiGate are found from 160 189 FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 http docs fortinet com Feedback Document conventions The following table shows some examples of how to choose an IP number for a device based on the information given For internal and dmz it is assumed in this case there is only one interface being used Table 1 Examples of the IP numbering Location and device Internal Dmz External Head Office one FortiGate 10 011 101 100 10 011 201 100 172 20 120 191 Head Office second FortiGate 10 012 101 100 10 012 201 100 172 20 120 192 Branch Office one FortiGate 10 021 101 100 10 021 201 100 172 20 120 193 Office 7 one FortiGate with 9 VDOMs 10 079 101 100 10 079 101 100 172 20 120 194 Office 3 one FortiGate web n a 10 031 201 110 n a server Bob in accounting on the 10 0 11 101 200 n a n a corporate user network dhcp at Head Office one FortiGate Router outside t
51. n group This number must be a valid extension number for the FortiGate Voice configuration A description of the extension group The number of extensions in the extension group Select a type from the drop down list You can choose either Sequential or Ring All FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 http docs fortinet com Feedback 39 PBX configuration FortiGate Voice web based manager configuration reference No Answer Action Select the action to take when there is no answer for the incoming caller You can select Voicemail which routes the caller to voicemail IVR or Hangup If you select Voicemail the Voicemail Extension list appears and you need to select the voicemail extension number Voicemail Select the voicemail extension number from the drop down list This option Extension appears only when Voicemail is selected in No Answer Action Member Select an extension in the Available column and then use the gt arrow to move it to the Selected column To remove an extension from the Selected column select the extension and use the lt arrow to move it back to the Available column Configuring dial plans Dial plans route calls made from a FortiGate Voice extension to an external phone system The external phone system can be one or more PSTN lines if your FortiGate Voice unit includes PSTN interfaces or a VolP service provider To route calls to an external phone syste
52. ndicates that you may either omit or type both the verbose word and its accompanying option such as verbose 3 Angle brackets lt gt A word constrained by data type To define acceptable input the angled brackets contain a descriptive name followed by an underscore and suffix that indicates the valid data type For example lt retries int indicates that you should enter a number of retries such as 5 Data types include e xxx name gt A name referring to another part of the configuration such as policy A e lt xxx_index gt An index number referring to another part of the configuration such as 0 for the first static route e lt xxx_pattern gt A regular expression or word with wild cards that matches possible variations such as example com to match all email addresses ending in example com e lt xxx_fqdn gt A fully qualified domain name FQDN such as mail example com e lt xxx email gt An email address such as admin mail example com e lt xxx_url gt A uniform resource locator URL and its associated protocol and host name prefix which together form a uniform resource identifier URI such as http www fortinet com e lt xxx_ipv4 gt An IPv4 address such as 192 168 1 99 e lt xxx_v4mask gt A dotted decimal IPv4 netmask such as 25525525520 e lt xxx_ipv4mask gt A dotted decimal IPv4 address and netmask separated by a space such as 192 168 1699 255 255 255 0 e lt xxx_ipv4 mas
53. nds for the PBX to respond For example you can use voice menu options to allow PBX users to simply dial 3 to access their voice mail To configure voice menu options 1 Go to PBX gt Calling Rules gt Voice Menu 2 In the row of the key that you want to configure voice menu options for select the Edit icon 3 In the Action drop down list select one of the following None No action will be taken when a caller dial this number Ring Group The PBX user calls a ring group Select the ring group to call A ring group is also called an extension group To add ring groups see Configuring extension groups ring groups on page 39 Check Voicemail Provides direct access to the PBX user s voice mail inbox Go to Company Directory Provides direct access to the PBX company phone directory 4 Select OK FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 43 http docs fortinet com e Feedback PBX configuration FortiGate Voice web based manager configuration reference Configuring direct inward dialing You can configure direct inward dialing DID for calls DID allows the FortiGate Voice unit to direct calls from external callers directly to PBX extensions For example you could set up DID so that external users call 555 1234 and DID directs the call to extension 1234 Using the FortiGate Voice unit direct inward dial settings you associate an incoming PSTN interface if supported by your FortiGate V
54. net products install quickly configure easily and operate reliably in your network To learn about the technical support services that Fortinet provides visit the Fortinet Technical Support web site at https support fortinet com You can dramatically improve the time that it takes to resolve your technical support ticket by providing your configuration file a network diagram and other specific information For a list of required information see the Fortinet Knowledge Base article FortiGate Troubleshooting Guide Technical Support Requirements FortiGate Voice Version 4 0 MR1 Administration Guide 16 01 410 112851 20100601 http docs fortinet com e Feedback Example FortiGate Voice branch office configuration Example FortiGate Voice branch office configuration This section describes how to configure a FortiGate Voice 80C unit to operate in NAT Route mode and provide basic UTM and SIP services for the example branch office network shown in Figure 3 on page 18 The non PSTN parts of this example configuration also apply to FortiGate Voice models that do not include PSTN interfaces In this example the FortiGate Voice 80C unit provides Internet connectivity networking and UTM features for the PCs on the branch office internal network An single line a b wire connection between the FortiGate Voice 80C fxo1 interface and a public switched telephone network PSTN line so that branch office phones can call the PSTN or rece
55. nit to receive caller ID information from calls originating on the PSTN and send the caller ID information to the extension that answers the call Select the caller ID protocol required by PSTN line that the fxo interface is connected to Contact your service provider for the name of the protocol to use Select the caller ID indicator required by the PSTN line Contact your service provider for details Set the number of rings to wait before receiving caller ID information In most cases enter 1 to send caller ID information between the first and second ring Contact your service provider for details Configure the following options to configure how the FortiGate Voice unit hangs up calls from the PSTN Select if the PSTN line uses polarity reversal to indicate a call has been hung up Contact your service provider for details Select if you want the FortiGate Voice unit to hang up automatically when it receives a busy tone when attempting to dial a number on the PSTN The number of busy tones that the FortiGate Voice receives before hanging up if Hang up on Busy Tone is selected Tune the FortiGate Voice unit to accurately detect busy tones on this PSTN line You can change the default settings if busy tones are not accurately detected Set to Up if the fxo interface is connected to the PSTN and you want to be able to receive and send calls on this PSTN interface The following explains how to configure PBX settings for your netwo
56. nking FortiFones or other SIP Phones pa alb wire ng Class 5 R id LAN FXO x4 ASN A g EF ec some models PCs with SIP Soft Phone FortiGate Voice unit a b wire BRI PF LAN POTS ISDN Telephone Adapters ATA FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 http docs fortinet com Feedback Fortinet products Introduction This document includes a configuration example that describes how to configure a FortiGate Voice 80C to provide VoIP networking and UTM services for a branch office network Also included is a configuration reference to FortiGate Voice VolP PBX and PSTN web based manager and CLI functionality This chapter contains the following sections Fortinet products e Before you begin e How this guide is organized e Document conventions e Registering your Fortinet product e Fortinet products End User License Agreement e Training e Documentation e Customer service and technical support Fortinet products Fortinet s portfolio of security gateways and complementary products offers a powerful blend of ASIC accelerated performance integrated multi threat protection and constantly updated in depth threat intelligence This unique combination delivers network content and application security for enterprises of all sizes managed service providers and telecommunications carriers while providing a flexible scalable path for expansi
57. nunaassssan0nans 36 Configuring EXTENSIONS a ANA KANA BANAAG 37 Configuring extension groups ring QrOUPS cceeceeeeeeeeeeeeeeeeeenteeeeeeeenaeeeeeeeeaaes 39 Configuring dial plans ZARA MAA Gp AA BANANA 40 Configuring voice MENU pti0NS anaanawwwwwawanawwawaannanaawwaannaasaawaanasasananaassssan0nanns 43 Configuring direct inward Gialing ccceececceeeeeeeeeeeeeeeneeeeeeeeaaeeeeeeeaaeeeseeesaeeeeeeeaas 44 Configuring PBX settings cecenii EAE 45 Monitoring Calls cceceececeeeeee seen eee eeeeeeeeeeeeeeceeeeeeeseneeeeeeeseneaeeeeseeeeaeeeeseeeaeeeeseeeaeees 46 Monitoring SIP Trunk status 0 cc eceeeeeeeeeeeeee eee A 46 Monitoring the status of PBX extensions nanana wananananawanannananananasansnnanasanan 46 Logging of PBX activities nenna 47 Viewing log MESSAGES aaa ana 47 FortiGate Voice VoIP PBX and PSTN CLI Reference 49 CONTIG DIK dialpla M 5a vases aNG GA AGA NAGANA LAN erer REASTA EEEE EESE ES 49 CONTIG PDX GIG a cxhsvecees cdeweeiee catescine c cdewstties cabevecancoedueuececdseevstexsehseesiec cheeeuaanes cs 50 CONTIG PDX EXTENSION a NA NAAN GA AA RA a ma 51 config POX global 2a aaa ARNAN ANN GR NANANG UBE NARAN ANNA ANA ts 52 config PDX TINGED UNA NANANG RANU NEAR EDEN 53 CONTIG PDX SMP a ma aa ANNA NAIBA An 54 CONTIG PDX V0Ice MeNU sasa NARANASAN SA ASAN ARA NG 55 config POX voip provider ssiri iriiria aisada eirean daira N
58. og message indicates that the phone with FortiGate Voice extension number 6012 with caller ID Example Caller called extension 6036 And that the call was answered and lasted for 23 seconds 2010 03 12 01 12 42 log_id 0162043782 type event subtype pbx pri information fwver 040000 vd root action PBX call clid Example Caller lt 6012 gt src 6012 dst 6036 channel SIP 6012 084a9aa0 dstchannel SIP 6036 08464150 duration 23 start Fri Mar 12 01 12 19 2010 end Fri Mar 12 01 12 42 2010 disposition ANSWERED msg call from 6012 gt 6036 ANSWERED for 23 seconds FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 47 http docs fortinet com e Feedback Logging of PBX activities FortiGate Voice web based manager configuration reference FortiGate Voice Version 4 0 MR1 Administration Guide 48 01 410 112851 20100601 http docs fortinet com e Feedback FortiGate Voice VolP PBX and PSTN CLI Referen ce config pbx dialplan FortiGate Voice VoIP PBX and PSTN CLI Reference This section describes FortiGate Voice VoIP PBX and PSTN configuration settings PSTN interfaces are not available on all FortiGate Voice models For information about other FortiGate Voice CLI commands see the FortiGate CLI Reference This section describes config pbx did config pbx ringg config pbx smtp execute pbx config pbx dialplan Use this command config pbx dialplan config pbx extension config pb
59. oice 80C Unit operation widget Ef Unit Operation Forti4nalyzer eon m FPi3RATINET WANI INT INT INT INT FortiGate Voice 80C O O ma fxol fuo2fxo3fx04WAN2 INT INT INT INT omy sx Reboot ShutDown FortiManager System resources dashboard widget Go to System gt Status and view the System Resources widget to see the status of the amount of disk space left for the storage of PBX activities and events FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 33 http docs fortinet com Feedback Configuring VoIP interface settings FortiGate Voice web based manager configuration reference Figure 5 System Resources widget displaying PBX disk usage E System Resources CPU Usage 0 Memory Usage 13 PBX Disk Usage 0 Configuring VoIP interface settings You can configure an interface to accept SIP traffic for the FortiGate Voice PBX To configure VoIP interface settings 1 Goto System gt Network gt Interface 2 Select the interface that you want to configure VoIP settings for 3 Select the SIP Traffic check box to enable SIP traffic 4 Select OK Configuring PSTN interfaces Some FortiGate Voice models include public switched telephone network PSTN interfaces that you can use to connect the FortiGate Voice PBX to your local public telephone network Using these interfaces you can route calls from your FortiGate Voice network to the public telephone network The PSTN interfaces
60. oice unit or VolP service provider with a PBX extension When an incoming call is received from one of these sources if the last digits of the dialed number match the selected extension number the FortiGate Voice unit directs the call directly to the extension For this to work you must obtain an external phone number with the last digits matching the selected extension To configure direct inward dialing go to PBX 5 Calling Rules 5 Direct Inward Dial enter the information and then select OK Figure 11 Direct inward dialing Incoming Extension Comments PSTN fxn 121 MyName MyLastName this is for the branch office o Pi New Direct Inward Dial Delete Name direct_dial_1 Edit Incoming fxo4 v Extension 121 MyName MyLastName Comments headquarters only Cok cancel General direct inward dialing settings Name The name of the direct inward dialing configuration Incoming The incoming calls that received from the PSTN interface if supported by your FortiGate Voice unit or from a VoIP service provider Extension The extension that will be used Comments A description about the direct inward dial configuration Direct inward dialing configuration settings Name Enter a name for the direct inward dialing configuration Incoming Select a PSTN interface or VoIP service provider from the drop down list Extension Select an extension from the drop down list Comments Enter a description if applicable for the direct inward
61. on For more information on the Fortinet product family go to www fortinet com products Before you begin This document is intended for administrators not end users This FortiGate Voice Administration Guide is a supplement to the FortiGate Administration Guide that provides detailed information about the PBX and PSTN configuration for system administrators of a FortiGate Voice unit It is assumed that you have already successfully installed a FortiGate unit by following the instructions in the FortiGate Voice 80C QuickStart Guide PSTN interfaces are supported on some FortiGate Voice models At this stage e You have administrative access to the web based manager and or CLI e The FortiGate Voice unit is integrated into your network The operation mode has been configured e The system time DNS settings administrator password and network interfaces have been configured Firmware FortiGuard Antivirus and FortiGuard Antispam updates are completed Once that basic installation is complete you can use this document How this guide is organized This section of the guide provides a brief provides a chapter by chapter summary of this guide FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 http docs fortinet com e Feedback Introduction How this guide is organized The most recent version of this document is available from the FortiGate page of the Fortinet Technical Documentation web
62. on interface The default web configuration interface address is http 192 168 0 1 To connect to this address from a PC your PC should have an IP address on the 192 168 0 0 subnet for example 192 168 0 10 255 255 255 0 The default Username is root No password is required ao a BB amp Active Display Name Go to Network gt LAN Settings and set the P Type to DHCP Client and select Submit Select Save amp Reboot to save the IP addressing change Log into the FortiFone using the IP address it acquired from the DHCP server Go to SIP Settings gt Service Domain and add the following configuration information On The name to be displayed on the phone This name is only displayed on this phone When this phone calls another phone the name displayed is the First Name and Last Name added to the FortiGate Voice Extension configuration FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 http docs fortinet com e Feedback 27 Adding extensions and configuring FortiFones for users behind a NAT device Example FortiGate Voice branch office configuration User Name 6001 This is actually the Line Number or Extension Number and must match the Extension Number added to the FortiGate Voice Extension configuration for this phone Register Name 6001 The Register Name is used to authenticate the FortiFone and must match the Extension Number added to the FortiGate Voice Extension configuration for thi
63. or a subset of those options in any order in a space delimited list such as ping https ssh Note To change the options you must re type the entire list For example to add snmp to the previous example you would type ping https snmp ssh If the option adds to or subtracts from the existing list of options instead of replacing it or if the list is comma delimited the exception will be noted Registering your Fortinet product Before you begin configuring and customizing features take a moment to register your Fortinet product at the Fortinet Technical Support web site https support fortinet com Many Fortinet customer services such as firmware updates technical support and FortiGuard Antivirus and other FortiGuard services require product registration For more information see the Fortinet Knowledge Center article Registration Frequently Asked Questions Fortinet products End User License Agreement See the Fortinet products End User License Agreement Training Fortinet Training Services provides courses that orient you quickly to your new equipment and certifications to verify your knowledge level Fortinet provides a variety of training programs to serve the needs of our customers and partners world wide To learn about the training services that Fortinet provides visit the Fortinet Training Services web site at http campus training fortinet com or email training fortinet com Documentation
64. ormation for how to handle actions for that extension You can choose the type of extension such as SIP Phone IVR or Conference To configure extensions go to PBX gt Extension gt Extension select Create New enter the information and then select OK FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 http docs fortinet com Feedback 37 PBX configuration FortiGate Voice web based manager configuration reference Figure 8 Configuring extensions xtension w 120 121 Extension Type First Name Last Name Email Password Dial Plan Yoicemail Type Name Dial Plan SIP Phone 120 fortinet default o4 SIP Phone MyName MyLastName company default it Pi New Extension ara Edit sIPPhone y faywname MyLastName OO MyName example com besss company defautt z Vv Voicemail Password Jocceee Email Notification Vv Email Attachment r Auto Delete Li Maximum Message 50 1 9999 TD GD General extension settings Create New Extension Type Name Dial Plan Select to create an extension The extension number The type of extension the number is Type can be SIP Phone to configure a SIP phone extension IVR Recorder to configure the extension to call to leave a message for the phone system operator For IVR recorder you can add an extension number and a password From any PBX extension you can call this extension and enter the password to g
65. r port set server lt smtp server ip address gt set authenticate enable disable set password spassword str set username lt username_ str end FortiGate Voice Version 4 0 MR1 Administration Guide 54 01 410 112851 20100601 http docs fortinet com e Feedback FortiGate Voice VoIP PBX and PSTN CLI Reference contig pbx voice menu Variables Description Default port Enter the port number that the email server uses for 25 lt smtp_server_ port SMTP server Enter the email server IP address or domain name No lt smtp_ server ip default address authenticate Select enable if the email server requires authentication disable enable disable If you enable authentication you must also add a username and password password Enter the password for the account on the email sever lt password_str gt username Enter a valid username for an account on the email server No lt username_ str default config pbx voice menu Use this command to configure the menu that callers will access when they call The variable config press lt number gt configures the settings for the type of ring group and the type of group associated with that number Syntax config pbx voice menu set comment comment strings config press 0 press 1 press 2 press 3 press 4 press 5 press 6 press 7 press 8 press 9 set type directory none ring group voicemail set ring
66. r this phone Both the User Name and Register Name are required Register Password The Password added to the FortiGate Voice Extension configuration for this phone The Register Name and Register Password are used to authenticate the phone with the FortiGate Voice unit Domain Server Leave this field blank Not required since the configuration uses the FortiGate Voice unit as a SIP proxy This field is only used to add the phone toa SIP service domain FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 29 http docs fortinet com e Feedback FortiGate Voice IVR configuration Example FortiGate Voice branch office configuration Proxy Server 172 20 120 10 The IP address of the FortiGate Voice internal interface Outbound Proxy Leave this field blank 7 If the FortiFone can successfully connect to and register with the FortiGate Voice unit the Status of the FortiFone changes to Registered If Status does not change to Registered you should verify the Register Name or re enter the Password You should also confirm that the Domain Server and Proxy Server IP addresses are correct To configure the remote FortiGate unit in NAT mode The remote FortiGate unit in NAT mode must be configured to allow SIP sessions between the remote users on the remote network and the FortiGate Voice external interface To do this you need to e Add an internal to external firewall policy that allows SIP sessions so tha
67. rk 22 Configuring the FortiGate Voice PSTN and PBX settings munnananamawa 22 Configuring the FortiFones on the internal network cssceceessseeeeeeeeseeeeeeeeeeeeenenes 27 Adding extensions and configuring FortiFones for users behind a NAT 37 2 AA 28 FortiGate Voice IVR configuration na 30 Providing access to the company directory 1110manananaaanaanannna aanak 30 Adding a shortcut for checking Voicemail ccescccseeseeeeeeesneeeeeseeeeeeeeeseeenneeeeeesees 31 Checking voicemalh aasang GANA LAN AG sate eesesd sul eceeees ahaa ceeestanas deveeveaaneesey seine 31 FortiGate Voice web based manager configuration reference 33 Dashboard Widgets 2 lt 2ccieiccceecetnscececedeecececucndcivecdeqpeseeseetupesesceusigsavecusnncsdeeceteeteecectseiestecs 33 Unit operation dashboard widget maanaawwwaanananaaananananasananansaansnananasarsnanssssann 33 System resources dashboard widget mnannnwawawannnnaaaawanananawawaasansananaasasssnsanas 33 Configuring VoIP interface settings 11111aaaaaana a 34 Configuring PSTN interfaces a 34 FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 http docs fortinet com e Feedback Contents PBX CONTIQUIPALION NA AARAL AA 36 Configuring service providers 1 7 munananwaanawannasaaawaaunnaaaanaaasasananasasasa
68. rk environment These settings include voicemail notification settings configuring a VolP provider as well as system settings such as a voicemail access code and a maximum voicemail duration time limit This section describes Configuring service providers Configuring extensions Configuring extension groups ring groups Configuring dial plans Configuring voice menu options Configuring direct inward dialing Configuring PBX settings Monitoring calls Monitoring SIP Trunk status Monitoring the status of PBX extensions Configuring service providers You can configure multiple VolP providers for your PBX configuration To configure VoIP providers go to PBX gt Service Providers gt SIP Trunk select Create New configure the settings and then select OK 36 FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 http docs fortinet com e Feedback FortiGate Voice web based manager configuration reference PBX configuration Figure 7 VolP Provider Domain User Name Authorization User Name Display User Name Account Type DTMF Method Other voip 10 20 30 40 User2 User2 My name Static Inband i voip 123 172 16 24 155 useri useri Example_name Dynamic Auto Pi New VoIP Provider Name fvoip 123 OO Delet Domain 172 16 24 155 UU Edi User Name luser Password eseese O Authorization User Name Juser1 Display User Name JExample_name Account Type C Static gs Dynamic Registration
69. rovider s server if required by the VoIP provider Display User Name Enter a valid display user name for an account on the VoIP provider s server if required by the VoIP provider Account Type Select Static or Dynamic depending on the account with the VoIP provider Registration Interval If this is a dynamic account with the VoIP provider enter the registration interval as required by the VoIP provider After each registration interval the FortiGate Voice renews the registration of the account with the VoIP provider DTMF Method Auto Auto means the VoIP provider s server and the FortiGate Voice unit will negotiate to select a DTMF method You could also select a specific DTMF method if required 3 Select OK to add the VoIP provider To add a dial plan for dialing the PSTN and the main office Dial plans are used to route calls made from an extension to an external phone system The external phone system can be the PSTN or a VoIP provider To route calls to an external phone system you add dial plan rules that include a dial pattern and list of outgoing destinations When the FortiGate Voice unit receives a call from an extension and the number dialed matches a pattern in a dial plan rule the FortiGate Voice unit routes the call to the outgoing destination added to the dial plan 24 FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 http docs fortinet com e Feedback Example FortiGate Voice branch
70. s Voicemail Notification Email Setting SMTP Server mail example com Authentication Vv User Name fvoice_Admin Password pesee PBX Global Settings Extension Range Country Code Local Area Code Enter a pattern that defines the valid extensions that can be added to the FortiGate Voice configuration The pattern can include numbers that must be in every extension and upper case Xs to indicate the number of digits The extension range can only contain numbers and the letter X e Ifyou add numbers to the extension range all extensions added to this FortiGate Voice unit must include the same numbers in the same location in the extension number For example if you include a 6 as the first digit all extensions added this FortiGate Voice unit must begin with the number 6 e The Xs indicate the number of digits in addition to the required number that each extension must have For example 6XXX indicates the extensions must start with the number 6 and be followed by any three numbers Usually you would add one or two numbers to the start of the extension range to identify the extensions for this PBX and follow this with enough Xs to be able to add the required number of extensions The extension range should not begin with the same number as the outgoing prefix Enter the international country calling code for the country or region in which you are installing the FortiGate Voice unit Enter the local area code for the country
71. s phone Both the User Name and Register Name are required Register Password The Password added to the FortiGate Voice Extension configuration for this phone The Register Name and Register Password are used to authenticate the phone with the FortiGate Voice unit Domain Server Leave this field blank Not required since the configuration uses the FortiGate Voice unit as a SIP proxy This field is only used to add the phone to a SIP service domain Proxy Server 172 20 120 10 The IP address of the FortiGate Voice internal interface Outbound Proxy Leave this field blank Select Submit Select Save amp Reboot to save the service domain information 9 Ifthe FortiFone can successfully connect to and register with the FortiGate Voice unit the Status of the FortiFone changes to Registered If Status does not change to Registered you should verify the Register Name or re enter the Password You should also confirm that the Domain Server and Proxy Server IP addresses are correct Adding extensions and configuring FortiFones for users behind a NAT device When adding an extension for any SIP phone with a NAT device between the phone and the FortiGate Voice unit you must enable NAT in the FortiGate Voice extension configuration for the phone You can enable NAT only from the CLI This applies whether the phone is on a remote network behind a NAT device or behind a NAT device on the internal network To add an extension for a SIP phone b
72. select Notification CLI input config system dns set primary Kaddress ipv4 gt end CLI output FGT 602803030703 get system settings comments null opmode nat Emphasis HTTP connections are not secure and can be intercepted by a third party File content lt HTML gt lt HEAD gt lt TITLE gt Firewall Authentication lt TITLE gt lt HEAD gt lt BODY gt lt H4 gt You must authenticate to use this service lt H4 gt Hyperlink Visit the Fortinet Technical Support web site https support fortinet com Keyboard entry Type a name for the remote VPN peer or client such as Central Office 1 Navigation Go to VPN gt IPSEC gt Auto Key IKE Publication For details see the FortiOS Handbook CLI command syntax conventions This guide uses the following conventions to describe the syntax to use when entering commands in the Command Line Interface CLI Brackets braces and pipes are used to denote valid permutations of the syntax Constraint notations such as lt address_ipv4 gt indicate which data types or string patterns are acceptable value input FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 http docs fortinet com Feedback 13 Document conventions Table 3 Command syntax notation Convention Description Square brackets A non required word or series of words For example verbose 1 2 3 i
73. sequential set voicemail of extension extension number end Variables Description Default edit Enter the name for the group No ring group name gt default description A description of the extension group cdescription str member Enter the ACD member for the group No sacd group member default no answer action Enter the action that will be taken when none of the No hangup ivr extensions in the ring group answers default voicemail hangup hand up and end the call e ivr return the caller to the attendant where they can try another extension voicemail the caller is directed to the voicemail system where they can leave a message strategy ring all Control how the extensions in the group are called by the No sequential ring group default e ring all calls all of the extensions in the group at the same time sequential calls the extensions in the group one ata time in the order in which they have been added to the group voicemail of Enter the extension number to use for voicemail if no one No extension answers the call and no answer action is set to default voicemail cextension number config pbx smtp Use this command to configure the FortiGate Voice unit to send voicemail notification email messages Using this command you configure the email server that the FortiGate Voice unit sends email notifications to Syntax config pbx smtp set port lt smtp_ serve
74. site You can also learn more about the FortiGate Voice product from the same FortiGate page as well as from the Fortinet Knowledge Base This administration guide contains the following chapters Example FortiGate Voice branch office configuration provides a configuration example that describes how to configure a FortiGate Voice 80C unit to operate in NAT Route mode and provide basic UTM and SIP services for an example branch office network e FortiGate Voice web based manager configuration reference describes FortiGate Voice web based manager configuration settings e FortiGate Voice VoIP PBX and PSTN CLI Reference describes upgrading and managing firmware versions You should review this section before upgrading your FortiGate firmware because it contains important information about how to properly back up your current configuration settings and what to do if the upgrade is unsuccessful FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 7 http docs fortinet com Feedback How this guide is organized Introduction FortiGate Voice Version 4 0 MR1 Administration Guide 8 01 410 112851 20100601 http docs fortinet com e Feedback Document conventions Fortinet technical documentation uses the conventions described below IP addresses To avoid publication of public IP addresses that belong to Fortinet or any other organization the IP addresses used in Fortinet technical documentation are
75. so change their voicemail password FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 31 http docs fortinet com Feedback Adding a shortcut for checking voicemail Example FortiGate Voice branch office configuration FortiGate Voice Version 4 0 MR1 Administration Guide 32 01 410 112851 20100601 http docs fortinet com e Feedback FortiGate Voice web based manager configuration reference Dashboard widgets FortiGate Voice web based manager configuration reference This section describes FortiGate Voice web based manager configuration settings For information about other FortiGate Voice web based manager settings see the FortiGate Administration Guide or the FortiGate Voice online help This section describes e Dashboard widgets e Configuring VoIP interface settings e Configuring PSTN interfaces e PBX configuration e Logging of PBX activities Dashboard widgets There are two specific Dashboard widgets that contain valuable information at a glance about the operation of your FortiGate Voice unit and PBX disk usage The following explain these widgets the Unit Operation widget and the System Resources widget Unit operation dashboard widget Go to System gt Status and view the Unit Operation widget to see the status of the FortiGate Voice unit and its Ethernet and fxo interfaces The fxo interfaces appear if your FortiGate Voice unit includes PSTN interfaces Figure 4 FortiGate V
76. ss given in the Email field so that the person is notified when a voicemail message is in their voicemail message inbox Select to attach the actual voicemail message to the notification email Select to automatically delete the message Enter a number for the maximum number of messages that can be stored in the extension s voicemail inbox before automatically deleting those messages Configuring extension groups ring groups Extension groups also called ring groups are a group of extensions that can be called using one number The extension group can be used to call all the extensions in the group at the same time or to call the extensions one at a time until someone answers order in which the FortiGate Voice unit calls them Z Note The order in which the members are added to the ring group does not match the To configure an extension group go to PBX gt Extension gt Group select Create New enter the information and then select OK Figure 9 Configuring extension groups xtension Number Ring Strategy Sequential Fi Delete Edit of Members Description Edit Group Extension Number 6300 Description Support Ring Strategy Sequential x No Answer Action voicemal I Voicemail Extension 6001 username z Member Available Selected 6001 User Name 6002 User2 Name CL OKI Ccac Extension Number Description of Members Ring Strategy The number to call to reach extensio
77. ssigned to this extension For a FortiFone on the internal network to be able to register with the FortiGate Voice unit to get this extension the FortiFone Register Name must consist of the extension First Name followed by the Last Name separated by one space The FortiFone must also be configured with this Password and the IP address of the FortiGate Voice internal interface Dial_Plan_1 Select Enter the numeric password that the SIP user must enter to get voicemail The password can contain numbers only Select Select to attach a recording of the user s voicemail message to the voicemail notification email Select to automatically delete voicemail messages 50 The FortiGate Voice unit keeps up to 50 voicemail messages for this extension 3 Select OK to add the extension 4 Repeat to add more extensions Configuring the FortiFones on the internal network This section contains high level instructions for installing and configuring FortiFones for the example configuration For more detailed information see the FortiFone documentation To configure FortiFones on the internal network The following steps describe how to configure a FortiFone on the internal network with extension number 6001 This procedure would also apply to configuring a FortiFone for most networks See the documentation supplied with the FortiFone for details 1 Connect and power on the FortiFone handset 2 Connect to the handset web configurati
78. t the remote users can start SIP sessions with the FortiGate Voice unit e Adda virtual IP and an external to internal firewall policy that allows SIP sessions from the FortiGate Voice wan1 interface to connect to the phones in the remote network For higher security you could configure IPSec tunneling between the branch office network and the remote network and send SIP traffic over the IPSec tunnel FortiGate Voice IVR configuration By default when callers call into the FortiGate Voice PBX from a remote system such as the PSTN the call is picked up by the PBX system which plays a default message asking the caller to dial the extension number that they want to reach or to dial O for assistance If the caller dials O they can use the number keys on their phone to spell out the First Name or Last Name of an extension to connect with that extension You can use the following procedure to add a custom welcome message To add a custom welcome message 1 Log into the FortiGate Voice web based manager Go to PBX gt Extension gt Extension and select Create New Enter an Extension Set Type to IVR Recorder Enter a Password a fF O N The password should include numbers only Select OK 7 Froma SIP phone that is registered with the FortiGate Voice unit dial the Extension added in step 3 8 Follow the prompts to record a new welcome message Providing access to the company directory Use the following procedure to allow p
79. the FortiGate Voice unit To monitor extension status go to PBX gt Monitor gt Extension Status If the information displayed about an extension includes a host name or IP address the extension is operating and can send or receive calls with the FortiGate Voice unit If no host name or IP address is displayed the extension cannot communicate with the FortiGate Voice unit For example the extension could be shut down or not able to connect to the FortiGate Voice because of network issues or configuration problems with the configuration of the extension phone or softphone 46 FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 http docs fortinet com e Feedback FortiGate Voice web based manager configuration reference Logging of PBX activities Figure 14 Monitoring extension status gj M 4 F 1b NM Column Settings Clear All Filters Y Extension w Y Host Y DialPlan 6000 company default 6003 6003 65 115 88 2 company default 6004 6004 124 160 46 31 company default 6005 6005 72 174 62 252 company default 6006 123 company default Logging of PBX activities After configuring PBX settings you can configure logging of PBX activities and events If you are new to logging see Logging and Reporting in FortiOS 4 0 User Guide before proceeding To configure logging of PBX settings 1 Goto Log amp Report gt Log Config gt Event Log 2 Select the check box beside Enable to make the other event log
80. tiGate Voice unit The voice prompt files should be added to a tar file and zipped This file would usually have the extension tgz You lt gt i ene ver ad eee must include the filename port lt username gt password gt restore default Restore default English voicemail and other PBX system prompts prompts Use this command if you have changed the default prompts and want to restore the default settings sip trunk list Enter to display the status of all SIP trunks that have been added to the FortiGate Voice configuration Example command output Enter the following command to view active calls execute pbx active call Call From Call To Duration 6016 6006 00 00 46 Enter the following command to display the status of all extensions xecute pbx extension list Extension Host Dialplan 6052 Unregister company default 6051 Unregister company default 6050 Unregister company default 6022 Unregister company default 6021 6021 172 30 63 34 company default 6020 Unregister company default Enter the following command to display the status of all SIP trunks execute pbx sip trunk list Name Host Username Account Type State Provider 1 192 169 20 1 5555555 Static N A FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 59 http docs fortinet com e Feedback diagnose pbx restart FortiGate Voice VolP PBX and PSTN CLI Reference diagnose pbx restart Use this d
81. to have voicemail No enable disable default max msg Enter the maximum number of voicemail messages that No max messages are allowed in a user s voicemail inbox default allowed gt config pbx global Use this command to configure voicemail settings such as using music while the incoming caller is put on hold as well as the country and the extension pattern of the user Syntax config pbx global set country area lt country name gt se se extension pattern extension pattern Local arsa cod se se se se se se end CR AT AT AT AK AN AT ATA lt code string max voicemail smax length seconds gt eutgeing prefix lt pattern str gt ring timeout time int PEP hols Limsour lt Eim e snk Etp LiMmeout stime ints voicemalil extension lt access number 52 FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 http docs fortinet com Feedback FortiGate Voice VoIP PBX and PSTN CLI Reference contig pbx ringgrp Variables Description Default country area Enter the name of the country in which the FortiGate Voice USA lt country name gt unit is installed extension pattern Enter a pattern that defines the valid extensions that can null lt extension patterns be added to the FortiGate Voice configuration The pattern T can include numbers that must be in every extension and upper case Xs to indicate the number o
82. ule to configure No default action allow Set the action to allow if this dial plan rule should allow a No block call Set the action to block if the dial plan should block a default call For example if you want to block international calls you could set the Phone Number begin with to 011 and set the action to block callthrough fxol Select one or more destinations that the dial plan rule No fxo2 fxo3 fx04 sends outgoing calls to fxo1 fx02 fx03 and x04 are default the 4 PSTN interfaces lt voip providers gt are the VoIP providers added to the FortiGate Voice A dial plan rule can send calls to one or more destinations lt voip providers gt outgoing prefix If you set use global outgoing prefix to no you null lt pattern str gt can enter a different outgoing prefix for this dial plan phone no beginwith Enter the leading digits of the phone number that this dial null lt patern str gt plan rule should match with For example a dial plan rule for toll free numbers in North America should begin with 18 The FortiGate Voice uses a best match to match a dialed number with a dial plan So each dial plan should have a different Phone number Begin with setting But you should plan your dial plan to make sure that unexpected matches do not occur prepend Add digits that should be prepended or added to the null lt pattern str gt beginning of the dialed number before the call is forwarded to
83. umber 911 Begin with Action Allow Outgoing Selected PSTN fxo1 Table 5 Rule 2 international calls beginning with 011 Name International Use Default Selected Outgoing Prefix 9 Phone number 011 Begin with Action Block Table 6 Rule 3 Toll free calls starting with 18 Name Toll_Free Use Default Selected Outgoing Prefix 9 FortiGate Voice Version 4 0 MR1 Administration Guide 42 01 410 112851 20100601 http docs fortinet com e Feedback FortiGate Voice web based manager configuration reference PBX configuration Table 6 Rule 3 Toll free calls starting with 18 Phone number 18 Begin with Action Allow Outgoing Selected PSTN fxo1 Table 7 Rule 4 Long Distance calls starting with 1 Name Long Distance Use Default Selected Outgoing Prefix 9 Phone number 1 Begin with Action Allow Outgoing Selected PSTN fxo2 Table 8 Rule 5 Other outgoing calls Name Other_PSTN_Numbers Use Default Selected Outgoing Prefix 9 Phone number Begin with Action Allow Outgoing Selected PSTN fxo2 PSTN fxo2 Configuring voice menu options Configure voice menu options to provide PBX users with shortcuts to PBX functions such as accessing their voice mail finding numbers in the company directory or dialing a ring group To access voice menu functions PBX users dial a single number on their phones and wait a few seco
84. utgoing In the Available column select one or more PSTN interfaces if your FortiGate Voice unit includes them and or VoIP service providers that the calls matching this dial plan should be routed to and use the arrow to move to them to the Selected column If you need to remove a PSTN interface or VoIP provider from the Selected list select the item and use the arrow to move it back to the Available column list The FortiGate Voice unit uses the PSTN interfaces and VolP providers in the Selected list in the order in which they are arranged in the list You can arrange the PSTN interfaces and VoIP providers in the Selected column using the up and down arrows beside the Selected column Select a PSTN interface or VoIP provider and then use the arrows to arrange them in the list Example dial plan This simplified example dial plan includes 5 dial plan rules that e Routes emergency calls dialing 911 to the fxo1 PSTN interface e Blocks international calls the phone number begins with 011 e Routes Toll Free calls beginning with 18 to the fxo1 PSTN interface e Routes non international long distance calls beginning with 1 to the fxo2 PSTN interface e Routes all other external calls to the fxo3 and fxo3 PSTN interfaces In this example all outgoing calls are routed to the PSTN and not to other VoIP service providers Table 4 Rule 1 emergency calls using 911 Name Emergency Use Default Not selected Outgoing Prefix 9 Phone n
85. x global rp config pbx voice menu config pbx voip provider config system pstn config system interface diagnose pbx restart to add a dial plan and add rules to the dial plan A dial plan rule indicates an outgoing destination to send calls to You can add multiple rules to a dial plan You add dial plans to extensions to control how to handle outgoing calls from the extension Syntax config pbx dialplan edit lt pbx dialplan name gt set comm config edit se se se se se ents lt comment_string gt rule lt rule name str t action allow block t Gallthrough fxo1 Tx z lt voip providers outgoing prefix lt patternm str phone no beginwith lt patern str prepend lt pattern str EFxo3 x04 se end end CT CT CT CT use global outgoing prefix no yes FortiGate Voice Version 4 0 MR1 Administration Guide 01 410 112851 20100601 http docs fortinet com Feedback 49 config pbx did FortiGate Voice VoIP PBX and PSTN CLI Reference Variables Description Default edit Enter the name for the dial plan If you entering an existing No lt pbx dialplan name gt dial plan select Tab to get to the dial plan that you want to default edit comments Optionally enter a description of the dial plan No lt comment_string gt default config rule Configure a new dial plan rule No default edit lt rule_name_str gt Enter the name of the dial plan r
86. y quiet length Enter a number that determines how long the busy tone is No lt integer gt off default codec alaw ulaw Enter the Codec preference type based on the country No default config system interface Use this command to allow traffic for the VoIP protocol SIP to flow on a specific interface Syntax config system interface edit interface name gt set voip enable disable end Variables Description Default edit Enter the interface that you want to allow SIP traffic on No interface name gt default voip Enable the VoIP SIP protocol for allowing SIP traffic on the di sable enable disable interface execute pbx Use this command to view active channels and to delete list or upload music files for when music is playing while a caller is on hold Syntax execute pbx active call lt list gt xecute pbx extension lt list gt execute pbx music on hold delete list upload execute pbx prompt upload ftp lt file tgz gt lt ftp server address gt port lt username gt password gt execute pbx prompt upload tftp lt file tgz gt cftp server address gt port lt username gt password gt execute pbx prompt upload usb lt file tgz gt cftp server address gt port lt username gt password gt execute pbx restore default prompts execute pbx sip trunk list Variables Description active call lt list gt Enter to display a list
Download Pdf Manuals
Related Search