FortiGate Voice ™ Version 4.0 MR1 Administration Guide Visit http://support.fortinet.com to register your FortiGate Voice product. By registering you can receive product updates, technical support, and FortiGuard services.
FortiGate Voice Administration Guide Version 4.0 MR1 1 June 2010 01-410-112851-20100601 © Copyright 2010 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet, Inc.
Contents Contents Introduction .............................................................................................. 5 Fortinet products ............................................................................................................ 6 Before you begin............................................................................................................. 6 How this guide is organized...........................................................................................
Contents PBX configuration......................................................................................................... 36 Configuring service providers ................................................................................... Configuring extensions ............................................................................................. Configuring extension groups (ring groups).............................................................. Configuring dial plans .................
Introduction Introduction FortiGate Voice units integrate FortiGate UTM functionality with VoIP phone PBX functionality. Some FortiGate Voice models also support connections to the public switched telephone network (PSTN). A small office or an enterprise branch office can use a FortiGate Voice unit to provide routing, Ethernet switching, Internet connectivity, UTM security, VoIP gateway, and VoIP PBX features for the office.
Fortinet products Introduction This document includes a configuration example that describes how to configure a FortiGate Voice-80C to provide VoIP, networking, and UTM services for a branch office network. Also included is a configuration reference to FortiGate Voice VoIP, PBX, and PSTN web-based manager and CLI functionality.
Introduction How this guide is organized The most recent version of this document is available from the FortiGate page of the Fortinet Technical Documentation web site. You can also learn more about the FortiGate Voice product from the same FortiGate page, as well as from the Fortinet Knowledge Base.
How this guide is organized 8 Introduction FortiGate Voice Version 4.0 MR1 Administration Guide 01-410-112851-20100601 http://docs.fortinet.
Document conventions Fortinet technical documentation uses the conventions described below. IP addresses To avoid publication of public IP addresses that belong to Fortinet or any other organization, the IP addresses used in Fortinet technical documentation are fictional and follow the documentation guidelines specific to Fortinet. The addresses used are from the private IP address ranges defined in RFC 1918: Address Allocation for Private Internets, available at http://ietf.org/rfc/rfc1918.
Document conventions The following table shows some examples of how to choose an IP number for a device based on the information given. For internal and dmz, it is assumed in this case there is only one interface being used. Table 1: Examples of the IP numbering 10 Location and device Internal Dmz External Head Office, one FortiGate 10.011.101.100 10.011.201.100 172.20.120.191 Head Office, second FortiGate 10.012.101.100 10.012.201.100 172.20.120.192 Branch Office, one FortiGate 10.021.101.
Document conventions Example Network configuration The network configuration shown in Figure 2 or variations on it is used for many of the examples in this document. In this example, the 172.20.120.0 network is equivalent to the Internet. The network consists of a head office and two branch offices. Figure 2: Example network configuration Head office WLAN: 10.12.101.100 SSID: example.com Password: supermarine DHCP range: 10.12.101.200-249 FortiMail-100C Port1: 10.11.101.
Document conventions Cautions, Notes and Tips Fortinet technical documentation uses the following guidance and styles for cautions, notes and tips. Caution: Warns you about commands or procedures that could have unexpected or undesirable results including loss of data or damage to equipment. Note: Presents useful information, but usually focused on an alternative, optional method, such as a shortcut, to perform a step.
Document conventions Typographical conventions Fortinet documentation uses the following typographical conventions: Table 2: Typographical conventions in Fortinet technical documentation Convention Example Button, menu, text box, From Minimum log level, select Notification.
Document conventions Table 3: Command syntax notation 14 Convention Description Square brackets [ ] A non-required word or series of words. For example: [verbose {1 | 2 | 3}] indicates that you may either omit or type both the verbose word and its accompanying option, such as: verbose 3 Angle brackets < > A word constrained by data type. To define acceptable input, the angled brackets contain a descriptive name followed by an underscore ( _ ) and suffix that indicates the valid data type.
Registering your Fortinet product Table 3: Command syntax notation (Continued) Convention Description Options delimited by vertical bars | Mutually exclusive options. For example: {enable | disable} indicates that you must enter either enable or disable, but must not enter both. Options delimited by spaces Non-mutually exclusive options.
Customer service and technical support Fortinet Tools and Documentation CD Many Fortinet publications are available on the Fortinet Tools and Documentation CD shipped with your Fortinet product. The documents on this CD are current at shipping time. For current versions of Fortinet documentation, visit the Fortinet Technical Documentation web site, http://docs.fortinet.com.
Example FortiGate Voice branch office configuration Example FortiGate Voice branch office configuration This section describes how to configure a FortiGate Voice-80C unit to operate in NAT/Route mode and provide basic UTM and SIP services for the example branch office network shown in Figure 3 on page 18. The non-PSTN parts of this example configuration also apply to FortiGate Voice models that do not include PSTN interfaces.
General configuration steps Example FortiGate Voice branch office configuration Figure 3: Example Branch Office network configuration Branch Office Internal network PCs with SIP soft phones and FortiFones Subnet: 172.20.120.0 Extension Range 6000 - 6999 Remote Users with FortiFones or SIP soft phones Extension range 6000 - 6999 Remote FortiGate unit in NAT mode PSTN PC external 192.168.40.10 a/b - wire FortiFone fxo1 PC SIP LAN FortiFone SIP Trunking internal 172.20.120.
Example FortiGate Voice branch office configuration Connecting the FortiGate Voice unit 5 Configure the FortiFones on the internal network. 6 Configuring the FortiGate Voice unit to SIP phone users behind a remote NAT device. Connecting the FortiGate Voice unit The following procedure describes how to connect the FortiGate Voice unit to the Internet, the branch office internal network, and the PSTN (supported by some FortiGate Voice models).
Configuring basic FortiGate Voice network and UTM settings Example FortiGate Voice branch office configuration Addressing Mode Manual IP/Netmask 192.168.10.10/255.255.255.0 SIP Traffic Select Enable Configure other network interface settings as required and select OK. Note: You can also set the Addressing mode to DHCP or PPPoE for the wan1 interface depending on the requirements of your ISP. In the example the wan1 interface has a static IP address. 5 Go to System > Network > Options.
Example FortiGate Voice branch office configuration Configuring basic FortiGate Voice network and UTM settings Advanced Select DNS Server 1 172.20.120.10 4 Change other settings if required and select OK. To configure FortiGuard services for the FortiGate Voice unit Use the following procedure to configure the FortiGate Voice unit to connect to the FortiGuard Distribution Network (FDN) to update the antivirus, antispam and IPS attack definitions.
Configuring network settings for the devices on the Internal network Example FortiGate Voice branch office configuration Configuring network settings for the devices on the Internal network You can configure the PCs and other devices on the internal network to get their network configuration automatically using DHCP. If required you can also configure devices on the internal network with static IP addresses on the 172.20.120.0 subnet but outside the range awarded by the FortiGate Voice DHCP server.
Example FortiGate Voice branch office configuration Configuring the FortiGate Voice PSTN and PBX settings Caller ID Protocol Select the caller ID protocol required by PSTN line that the fxo interface is connected to. Contact your service provider for the name of the protocol to use. Caller ID Indicator Select the caller ID indicator required by the PSTN line. Contact your service provider for details. Ring # Set the number of rings to wait before receiving caller ID information.
Configuring the FortiGate Voice PSTN and PBX settings Example FortiGate Voice branch office configuration SMTP Server The name or IP address of an email server that the FortiGate Voice unit can send email notifications to when PBX users receive a voicemail. For example: mail.example.com. You can optionally create an email account on the email server for the FortiGate Voice unit. Authentication Select if the email server requires authentication.
Example FortiGate Voice branch office configuration Configuring the FortiGate Voice PSTN and PBX settings In addition to PSTN and head office support the dial plan must also support Emergency, international, toll free and long distance dialing.
Configuring the FortiGate Voice PSTN and PBX settings Name Example FortiGate Voice branch office configuration Long_Distance Use Default Outgoing Prefix Selected (“9”) Phone number Begin with 1 Action Allow Outgoing Selected PSTN - fxo2 8 Select Create New to add the dial plan rule for dialing 9 for all other PSTN calls.
Example FortiGate Voice branch office configuration Configuring the FortiFones on the internal network Password The SIP phone user password for the phone assigned to this extension. For a FortiFone on the internal network to be able to register with the FortiGate Voice unit to get this extension, the FortiFone Register Name must consist of the extension First Name followed by the Last Name separated by one space.
Adding extensions and configuring FortiFones for users behind a NAT device Example FortiGate Voice branch office configuration User Name 6001 This is actually the Line Number or Extension Number and must match the Extension Number added to the FortiGate Voice Extension configuration for this phone. Register Name 6001 The Register Name is used to authenticate the FortiFone and must match the Extension Number added to the FortiGate Voice Extension configuration for this phone.
Example FortiGate Voice branch office configuration Adding extensions and configuring FortiFones for users behind a NAT device set set set set set set end secret dialplan Dial_Plan_1 vm-secret email-notify enable attach enable nat yes To configure FortiFones behind a NAT device on the internal network The configuration for FortiFones behind a NAT device on the internal network is the same as for FortiFones directly on the Internal network.
FortiGate Voice IVR configuration Example FortiGate Voice branch office configuration Proxy Server 172.20.120.10 The IP address of the FortiGate Voice internal interface. Outbound Proxy Leave this field blank. 7 If the FortiFone can successfully connect to and register with the FortiGate Voice unit the Status of the FortiFone changes to Registered. If Status does not change to Registered you should verify the Register Name or reenter the Password.
Example FortiGate Voice branch office configuration Adding a shortcut for checking voicemail To provide access to the company directory from any extension 1 Log into the FortiGate Voice web-based manager. 2 Go to PBX > Calling Rules > Voice Menu. 3 Select the Edit icon for Key 3. You can select any available key, but this example uses 3. 4 Set Action to Go to Company Directory and select OK.
Adding a shortcut for checking voicemail 32 Example FortiGate Voice branch office configuration FortiGate Voice Version 4.0 MR1 Administration Guide 01-410-112851-20100601 http://docs.fortinet.
FortiGate Voice web-based manager configuration reference Dashboard widgets FortiGate Voice web-based manager configuration reference This section describes FortiGate Voice web-based manager configuration settings. For information about other FortiGate Voice web-based manager settings, see the FortiGate Administration Guide or the FortiGate Voice online help.
Configuring VoIP interface settings FortiGate Voice web-based manager configuration reference Figure 5: System Resources widget displaying PBX disk usage Configuring VoIP interface settings You can configure an interface to accept SIP traffic for the FortiGate Voice PBX. To configure VoIP interface settings 1 Go to System > Network > Interface. 2 Select the interface that you want to configure VoIP settings for. 3 Select the SIP Traffic check box to enable SIP traffic. 4 Select OK.
FortiGate Voice web-based manager configuration reference Configuring PSTN interfaces Figure 6: Configuring PSTN interfaces Edit General PSTN interface settings Column Settings Select to add or remove columns. This changes what information appears. Name The name of the PSTN interface. Phone Number The phone number that is associated with that PSTN interface. Display Name The name that displays on the phone’s LCD. Administrative Status Status of the PSTN interface.
PBX configuration FortiGate Voice web-based manager configuration reference Catch Caller ID Select to enable the FortiGate Voice unit to receive caller ID information from calls originating on the PSTN and send the caller ID information to the extension that answers the call. Caller ID Protocol Select the caller ID protocol required by PSTN line that the fxo interface is connected to. Contact your service provider for the name of the protocol to use.
FortiGate Voice web-based manager configuration reference PBX configuration Figure 7: VoIP Provider Delete Edit Name Enter the name for the VoIP provider configuration. This can be any name. Domain The VoIP provider’s domain name or IP address. For example, 172.20.120.11 or voip.example.com. User Name Enter a valid user name for an account on the VoIP provider’s server. This could also be a phone number including area code, depending on the requirements of the VoIP provider.
PBX configuration FortiGate Voice web-based manager configuration reference Figure 8: Configuring extensions Delete Edit General extension settings Create New Select to create an extension. Extension The extension number. Type The type of extension the number is. Type can be: • SIP Phone to configure a SIP phone extension • IVR Recorder to configure the extension to call to leave a message for the phone system operator. For IVR recorder you can add an extension number and a password.
FortiGate Voice web-based manager configuration reference PBX configuration Voicemail Password Enter a voicemail password for accessing the voicemail. Email Notification Select to have an email sent to the email address given in the Email field so that the person is notified when a voicemail message is in their voicemail message inbox. Email Attachment Select to attach the actual voicemail message to the notification email. Auto Delete Select to automatically delete the message.
PBX configuration FortiGate Voice web-based manager configuration reference No Answer Action Select the action to take when there is no answer for the incoming caller. You can select Voicemail, which routes the caller to voicemail, IVR, or Hangup. If you select Voicemail, the Voicemail Extension list appears and you need to select the voicemail extension number. Voicemail Extension Select the voicemail extension number from the drop-down list.
FortiGate Voice web-based manager configuration reference PBX configuration Figure 10: Configuring a dial plan Go to PBX > Calling Rules > Dial Plan to add a dial plan. General dial plan list settings Create New Select to configure a dial plan. You can add multiple dial plans and assign them to different extensions. For example, you might want to have a dial plan that allows long distance calls and a dial plan that does not. Name The name of the dial plan.
PBX configuration FortiGate Voice web-based manager configuration reference Prepend Add digits that should be prepended or added to the beginning of the dialed number before the call is forwarded to its destination. You can prepend digits at the beginning of a call of special dialing is required to reach and external phone system. Action Set the action to Allow if this dial plan rule should allow a call. Set the action to Block if the dial plan should block a call.
FortiGate Voice web-based manager configuration reference PBX configuration Table 6: Rule 3: Toll free calls starting with 18 Phone number Begin with 18 Action Allow Outgoing Selected PSTN - fxo1 Table 7: Rule 4: Long Distance calls starting with 1 Name Long_Distance Use Default Selected Outgoing Prefix (“9”) Phone number Begin with 1 Action Allow Outgoing Selected PSTN - fxo2 Table 8: Rule 5: Other outgoing calls Name Other_PSTN_Numbers Use Default Selected Outgoing Prefix (“9”) Phone num
PBX configuration FortiGate Voice web-based manager configuration reference Configuring direct inward dialing You can configure direct inward dialing (DID) for calls. DID allows the FortiGate Voice unit to direct calls from external callers directly to PBX extensions. For example, you could set up DID so that external users call 555-1234 and DID directs the call to extension 1234.
FortiGate Voice web-based manager configuration reference PBX configuration end end Configuring PBX settings Configure PBX system settings that affect the overall performance of the PBX service and all of the users of it. Settings include the extension pattern for the PBX, the outgoing dial prefix and the email server to use for sending voicemail notification email messages. Usually you would configure these settings once and rarely thereafter.
PBX configuration FortiGate Voice web-based manager configuration reference Voicemail Access Enter the exact pattern that PBX users dial to get their voicemail. For example, for users to dial *99 to get their voice mail, enter *99. Outgoing Prefix The number that PBX users must dial to get an outside line. For example, if users should dial 9 to get an outside line, add 9 to this field. The outgoing prefix should not be the same as the first number of the extension range.
FortiGate Voice web-based manager configuration reference Logging of PBX activities Figure 14: Monitoring extension status Logging of PBX activities After configuring PBX settings, you can configure logging of PBX activities and events. If you are new to logging, see Logging and Reporting in FortiOS 4.0 User Guide before proceeding. To configure logging of PBX settings 1 Go to Log&Report > Log Config > Event Log. 2 Select the check box beside Enable to make the other event log options available.
Logging of PBX activities 48 FortiGate Voice web-based manager configuration reference FortiGate Voice Version 4.0 MR1 Administration Guide 01-410-112851-20100601 http://docs.fortinet.
FortiGate Voice VoIP, PBX, and PSTN CLI Reference config pbx dialplan FortiGate Voice VoIP, PBX, and PSTN CLI Reference This section describes FortiGate Voice VoIP, PBX, and PSTN configuration settings. PSTN interfaces are not available on all FortiGate Voice models. For information about other FortiGate Voice CLI commands see the FortiGate CLI Reference.
config pbx did FortiGate Voice VoIP, PBX, and PSTN CLI Reference Variables Description Default edit Enter the name for the dial plan. If you entering an existing No dial plan, select Tab to get to the dial plan that you want to default edit. comments Optionally enter a description of the dial plan. No default config rule Configure a new dial plan rule. No default edit Enter the name of the dial plan rule to configure.
FortiGate Voice VoIP, PBX, and PSTN CLI Reference config pbx extension Variables Description Default edit Enter the name for the Direct Inward Dial. No default external-line {fxo1 | fxo2 | fxo3 | fx04 | } Select one external system that can dial directly to an extension. fxo1, fxo2, fxo3, and fx04 are the 4 PSTN interfaces. are the VoIP providers added to the FortiGate Voice.
config pbx global FortiGate Voice VoIP, PBX, and PSTN CLI Reference Variables Description Default first-name Enter the person’s first name. No default last-name Enter the surname of the person. No default nat {no | yes} Enter to indicate that the phone is behind a NAT device. No default secret Enter the user’s password for voicemail. No default type {conference | ivr | sip-phone} Enter the type of extension to configure.
FortiGate Voice VoIP, PBX, and PSTN CLI Reference config pbx ringgrp Variables Description country-area Enter the name of the country in which the FortiGate Voice USA unit is installed. extension-pattern Enter a pattern that defines the valid extensions that can null be added to the FortiGate Voice configuration. The pattern can include numbers that must be in every extension and upper case Xs to indicate the number of digits.
config pbx smtp FortiGate Voice VoIP, PBX, and PSTN CLI Reference Syntax config pbx ringgrp edit set description set member set no-answer-action {hangup | ivr | voicemail} set strategy {ring-all | sequential} set voicemail-of-extension end Variables Description Default edit Enter the name for the group. No default. description A description of the extension group.
FortiGate Voice VoIP, PBX, and PSTN CLI Reference config pbx voice-menu Variables Description Default port Enter the port number that the email server uses for SMTP. 25 server Enter the email server IP address or domain name. No default authenticate {enable | disable} Select enable if the email server requires authentication. disable If you enable authentication you must also add a username and password.
config pbx voip-provider FortiGate Voice VoIP, PBX, and PSTN CLI Reference Syntax config pbx voip-provider edit set user set domain { | set secret set authuser set display-name set reigstration-interval set account-type {static | dynamic} set port set dtmf-method {auto | inband | info | rfc2833} set codec {alaw | g729 |none | ulaw} set codec1 {alaw | g729 |
FortiGate Voice VoIP, PBX, and PSTN CLI Reference config system pstn config system pstn Use this command to configure the PSTN interfaces. PSTN interfaces are available on some FortiGate Voice models.
config system interface FortiGate Voice VoIP, PBX, and PSTN CLI Reference Variables Description Default busy-tone-length Enter a number that determines how logn the busy tone is No on. default busy-quiet-length Enter a number that determines how long the busy tone is No off. default codec {alaw | ulaw} Enter the Codec preference type based on the country.
FortiGate Voice VoIP, PBX, and PSTN CLI Reference execute pbx Variables Description music-on-hold {delete | list | upload} Enter to either delete, list or upload music on hold files. You can upload music on hold files using FTP, TFTP, or from a USB drive plugged into the FortiGate Voice unit. prompt upload ftp [:port] [] [password>] Upload new pbx voice prompt files using FTP. The voice prompt files should be added to a tar file and zipped.
diagnose pbx restart FortiGate Voice VoIP, PBX, and PSTN CLI Reference diagnose pbx restart Use this diagnose command to restart the FortiGate Voice PBX daemon. diagnose pbx restart 60 FortiGate Voice Version 4.0 MR1 Administration Guide 01-410-112851-20100601 http://docs.fortinet.
