Fortigate and FFTP

kmca — Mon, 24 Jul 2023 11:06:01 GMT

Not a question but more a tale of moving from ADSL/Copper to FFTP and VOIP.

It's early day's but so far it's all good.

I have removed all of the copper cable (lots), the phone exchange (panasonic), and the old phones, so there is a lot less clutter - but I need do some touch up painting.

So we started from here: multiple land lines, ADSL broadband, a Business Hub in Bridge Mode, and a Fortigate wan interface connected using PPPOE. A very reliable setup delivering close to 70Mbit/sec.

We have ended up with 150MBit FFTP and Cloud Voice, running through the same Fortigate firewall with no Business smart hub. It delivers around 140Mbit/sec down and 30 Mbit/sec up.

The OpenNTU is small but needs a power socket close by.

As we had so many holes drilled for the old copper, I asked for a fibre to run through an existing hole in a window frame to the outside box that terminated the fibre run from a telegraph pole. The three cables are power, ethernet (to fortigate), and fibre to the outside box.

The BT Business Smart Hub requires power, and the supplied cable (Eth) is short so you need two power points for the NTU and Hub.

To keep things simple we installed using the BT Business Smart Hub, and this was very easy except for the Cloud Voice Express. As a Business installation OpenReach engineers do not to have phone installation listed on their work instruction - but they do for Digital Voice in home installations. And our phone would not work, it had no line, and would not provision. Eventually BT advised a factory reset of the Base Unit and that triggered the provisioning, but we were without a business phone for three days over a weekend.

Once the Yellink phone was working, I removed the BT Business Smart Hub and ran a 30m flat ethernet cable (in trunking) from the NTU to my Fortigate. I kept the existing rule base for my internal network, just changing the WAN interface, and adding a new interface for the Yeylink Base unit.

Changing the PPPOE from ADSL with multiple static IP's to FFTP PPPOE took a few tries, and I learned to save the configuration before trying to connect. All my static routes and VIP's (Static IP range) were going (moved to cloud) and I was going to have a dynamic IP. And the WAN1 interface looks like this:

Addressing Mode: PPPOE

Obtained IP/Mask: Leave the Renew button alone until you have saved the changes

Username: btbusinesshub@business.btckick.com

Password: <Blank>

UnnumberedIP: 0.0.0.0

Initial Disc Timeout: 1

Initial PADT Timeout: 1

Retrieve def gateway: enable

Distance: 10

Override Internal DNS: enable

I have no static routes enabled, they are set up on connection.

The Yealink Hub is shown below.

And the Handset has a separate charging dock.

The Yealink base is connected via ethernet cable to a separate interface on my firewall. The rule base follows the BT guide "BT Cloud Voice - Firewalls and LAN". On Page 4 there is a table of SIP and RTP rules to be implemented, on Page 5 (DNS and NTP) and on Page 7 there some rules for the Yealink Base station.

I also followed the Fortinet note on "Disabling SIP ALG on a Fortigate firewall".

I found the Yealink Base tries to dial home to an address that is not listed, but you will find that in the logs.

And finally here is the BT Business Hub disconnected and in its box.

Lastly I enabled Fortigate DDNS to keep track of the IP address changes with minimal effort.

Regards

Keith

Re: Fortigate and FFTP

Rileystanley — Thu, 24 Aug 2023 05:07:40 GMT

Transitioning from ADSL to FTTP and VOIP involved removing copper cables, an old phone exchange, and switching to a Yealink Cloud Voice setup. The FTTP installation provided increased speeds, but initial Cloud Voice provisioning issues led to a factory reset.

Re: Fortigate and FFTP

alle78 — Thu, 09 Nov 2023 17:30:25 GMT

Hey kmca, thanks for sharing your transition to FTTP and VOIP. Removing the old setup and adapting the Fortigate firewall seems quite a journey. Kudos on the smooth migration! mycenturahealth

topic Fortigate and FFTP in Broadband

Fortigate and FFTP

Re: Fortigate and FFTP

Re: Fortigate and FFTP