Wednesday, March 22, 2023

Phantom calls on hosted voip phones behind Fortigate.

 Small office with a few Polycom phones from the local cable company.

No policies allowing incoming traffic from WAN1 but I see traffic like below.

wan1 in 68.35.27.144.5060 -> 24.49.187.25.65476: udp 540

internal out 68.35.27.144.5060 -> 10.88.1.18.5060: udp 532

The Fortinet receives packets on udp 65476 and the phone rings. 10k fake calls in a week.

I was able to replicate this with the sipp utility on Linux.

sipp 24.59.187.25:65476 (This makes the phone ring)

The option below appears to have stopped the calls.

 config system settings

 set sip-helper disable



Tuesday, May 4, 2021

Using AWS Chime Voice Connector SIP trunk

I tried using AWS as a SIP trunk with a Mitel system. There are two features missing with this product which prevent usage as the primary phone service for an enterprise.

    No call transfer.

    No 911 calls.

The instant setup and provisioning is awesome. I can purchase a new phone number and have it working in under five minutes. Very affordable backup or supplemental phone service for on premises PBX.

Friday, September 25, 2020

Fast setup of Grandstream ATA with Mitel

 

MiVoice / 3300 setup.

Add new extension.

Device Type: Generic SIP Phone. 

On the Access and Auth tab set the Sip Password.


HT801.

Connect analog phone to ATA.

Dial *** and then 02 to get IP address.

Open the ATA web interface with admin/admin.

Set these options on the FXS Port tab.

Primary SIP Server: 1.2.3.4

SIP User ID: 1001 (Mitel extension)

Authenticate Password:

Update

Apply


Go to Status page and check port status.

Friday, May 1, 2020

Mitel MiCollab or NuPoint database export


ssh root@10.11.12.13
(admin password)

sudo -u postgres psql -p 5444 -d NuPoint -c "copy np.np_mbox_id to '/tmp/mboxid.csv' with (format csv,header)"

exit

scp root@10.11.12.13:/tmp/mboxid.csv .

Contents of csv:

Wednesday, March 18, 2020

VPN setup between Fortinet and Meraki - Part 2


Fortigate CLI on 5.6.12

config vpn ipsec phase1-interface
edit meraki1
        set interface "port1"
        set keylife 28800
        set peertype any
        set proposal 3des-sha1
        set dpd disable
        set dhgrp 2
        set nattraversal disable
        set remote-gw 64.65.66.67
        set psksecret
end

config vpn ipsec phase2-interface
edit meraki1
        set phase1name meraki1
        set proposal aes256-sha1
        set pfs disable
        set keylifeseconds 28800
        set src-subnet 10.111.0.0 255.255.255.0
        set dst-subnet 10.222.0.0 255.255.255.0
end

config router static
edit 0
      set dst 10.222.0.0 255.255.0.0
      set device meraki1
end

Fortigate SNMP to get sessions with specific IP address

I have a need to keep a count of sessions from the Internet to a specific IP address.

snmpwalk -c mycommunity 10.1.2.3 1.3.6.1.4.1.12356.101.11.2.1.1.5 | grep 64.65.66.67 | wc

This one liner does the trick for now. 64.65.66.67 is the destination IP address on my network.

***

The example below will list all the session on the Fortigate and took about two minutes to complete with 1628 sessions.

snmpwalk -c mycommunity 10.1.2.3 1.3.6.1.4.1.12356.101.11.2.1.1.5

SNMPv2-SMI::enterprises.12356.101.11.2.1.1.5.1624 = IpAddress: 10.1.2.3
SNMPv2-SMI::enterprises.12356.101.11.2.1.1.5.1625 = IpAddress: 10.1.3.1
SNMPv2-SMI::enterprises.12356.101.11.2.1.1.5.1626 = IpAddress: 10.1.4.2
SNMPv2-SMI::enterprises.12356.101.11.2.1.1.5.1627 = IpAddress: 10.1.5.5
SNMPv2-SMI::enterprises.12356.101.11.2.1.1.5.1628 = IpAddress: 199.232.32.21