Configuring the services
Services already created:
The following are standard services that have already been created by default:
HTTP TCP 80
SNMP TCP 161-162/UDP 161-162
LDAP TCP 389
HTTPS TCP 443
SYSLOG UDP 514
Existing Services to be edited:
There are a few services that have already been created for you, but they need to be expanded to accommodate the list of protocols listed for this scenario.
The default h323 contains:
- TCP 1503 l UDP 1719 l TCP 1720
We need to add:
- TCP1719
The default SIP contains:
- UDP 5060
We need to add:
- TCP 5060
H323 service
1. Go to Policy & Objects > Objects > Services.
2. Scroll down to the section: VoIP, Messaging & Other Applications.
3. Select H323.
4. Select Edit.
5. In the Protocol section add the additional protocol:
Protocol Type TCP
Destination port
/Low
1719
6. Select OK to save.
SIP service
1. Go to Policy & Objects > Objects > Services.
2. Scroll down to the section: VoIP, Messaging & Other Applications.
3. Select SIP.
4. Select Edit.
5. In the Protocol section add the additional protocol:
Protocol Type TCP
Destination port /Low 5060
6. Select OK to save.
Custom Services that need to be created
There are a number of possible services that may need to be added from scratch rather than editing existing ones. While it is possible to create a single custom service that contains all of the open ports needed, it make more sense to make this modular in case only a small subset of the service needs to be added to another policy.
Polycom API
1. Go to Policy & Objects > Objects > Services.
2. Select Create New.
3. Fill in the fields of the new service with the following information:
| Name | Polycom API | |
| Service Type | Firewall | |
| Category | VoIP, Messaging & Other | |
| Protocol Type | TCP/UDP/SCTP | |
| Protocol | TCP/UDP/SCTP | |
| Protocol | TCP | |
| Destination Port – Low: | 24 | |
| Destination Port – High: | <leave blank> | |
|
4. |
Select OK. |
Polycom Endpoints
1. Go to Policy & Objects > Objects > Services.
2. Select Create New.
3. Fill in the fields of the new service with the following information:
Name Polycom Endpoints
Service Type Firewall
Category VoIP, Messaging & Other
Protocol Type TCP/UDP/SCTP
Protocol TCP
Destination – Low: 3230
Destination – High: 3253
4. Select OK.
Other Services to add in the same way:
| Name of Service | Category | Protocol & Port # |
|
LDAP secure com- munications |
Authentication |
TCP 636 |
|
Win 2000 ILS Registration |
Network Services |
TCP 1002 |
|
Gatekeeper discovery |
VoIP, Messaging & Other Applications |
TCP 1718 |
|
Audio Call Control |
VoIP, Messaging & Other Applications |
TCP 1731 |
|
Polycom proprietary Global directory data |
VoIP, Messaging & Other Applications |
TCP 3601 |
|
Polycom People+Content |
VoIP, Messaging & Other Applications |
TCP 5001 |
|
HTTP Server Push |
Web Access |
Creating the Service Group
1. Go to Firewall Objects > Service > Groups.
2. Select Create New.
3. Build the Service group by filing in the fields with the following information
Group Name A-V_Conference
Type Firewall
Members
(click in the drop down menu to add the following services)
- HTTP
- SNMP
- LDAP
- HTTPS
- SYSLOG
- Polycom API
- Polycom Endpoints
- LDAP secure communications
- Win 2000 ILS Registration
- Gatekeeper discovery
- Audio Call Control
- Polycom proprietary Global directory data
- Polycom People+Content
- HTTP Server Push
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!