Posts Tagged ‘inbound’

Below changes were added.

  • Added TCP 5060 for SIP(As sometimes this can be TCP/UDP) for all WANS
  • RTP port range 6200 – 6214 added for Inbound for all WANS
  • SIP domains allowed for Inbound for all WANS

SIP ALG turn off – Need to run below commands if it’s required. Best to test the phones after above changes.

 

en the Fortigate CLI from the dashboard and enter the following commands:

  • config system settings
  • set sip-helper disable
  • set sip-nat-trace disable
  • reboot the device

Re-open the CLI and enter the following commands:

  • config system session-helper
  • show    (locate the SIP entry, usually 12, but can vary)
  • delete 12    (or the number that you identified from the previous command)

Disable RTP processing as follows:

  • config voip profile
  • edit default
  • config sip
  • set rtp disable

 

 

config system settings
set default-voip-alg-mode kernel-helper-based
end

Important is that you need to configure it on all the VDOM`s
 
A reboot is not necessary, Clearing the sessions worked for us:

diagnose sys session filter
diagnose sys session filter dport 5060
diagnose sys session clear
diagnose sys session filter dport 2000
diagnose sys session clear

 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

What you need to do to enable Mailguard Filtering and Officemailguard 365

Login to 365 Portal 

Inbound Filter by IP

This forces all internal mail to only be accepted by 365 from Mailguard IP’s. Spammers start caching DNS records so even though you changed MX records they use old ones!

  • Exchange Administration 
  • Mailflow
  • Connectors

From Partner Organization
To Office 365
How do you want to identify the partner organization? Domain
Specify one or more sender domains: *
Reject email messages if they aren’t sent from within this IP address range ( IP Range from Mailguard )

203.21.125.32/32
69.16.202.203/32
174.36.235.195/32
69.16.202.216/32
50.23.246.238/32
50.23.252.166/32
108.168.255.216/32
108.168.255.217/32
203.21.125.33/32

Outbound Filter forcing SMTP relay

Make sure all Office 365 IP’s http://pastebin.com/6UZZcWPQ are in trusted networks

  • Exchange Administration 
  • Mailflow
  • Connectors

Only when I have a transport rule set up that redirects messages to this connector – Tick
Route email through these smart hosts : filter.riskca-1.mailguard.com.au
Always use Transport Layer Security (TLS) to secure the connection (recommended)

  • Exchange Administration 
  • Mailflow
  • Rules

Name : Relay Outbound through MailGuard
*Apply this rule if… – The Sender is Located … Inside the organization
*Do the following… : Use the following connector Name of Connector Above

SMTP SPF

Add this include to the TXT record for the outgoing domains

include:customer.mailguard.com

VN:F [1.9.22_1171]
Rating: 10.0/10 (1 vote cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)