Enabling Quality of Service (QoS) on a FortiGate Firewall for VoIP Service

Quality of Service (QoS) is a crucial feature in networking that ensures the prioritization and efficient utilization of network resources for specific applications and services. Voice over Internet Protocol (VoIP) services, such as SIP (Session Initiation Protocol) for communication, rely heavily on low latency and consistent network performance. FortiGate firewalls provide robust QoS capabilities to optimize network traffic and ensure a smooth VoIP experience. This knowledge base article outlines the steps to enable QoS for VoIP service using SIP port 5060 on a FortiGate firewall.


Prerequisites

  1. Access to FortiGate Firewall: You must have administrative access to the FortiGate firewall’s web-based management interface.
  2. Understanding of VoIP and SIP: Familiarity with the concepts of VoIP and SIP protocols will aid in configuring QoS effectively.

Configuration Steps

Step 1: Log into the FortiGate Web Interface

  1. Open a web browser and enter the IP address of the FortiGate firewall in the address bar.
  2. Log in using your administrator credentials.

Step 2: Create a New QoS Policy

  1. Navigate to “Policy & Objects” and select “IPv4 Policy” or “IPv6 Policy,” depending on your network configuration.
  2. Click “Create New” to define a new policy.

Step 3: Configure the QoS Policy

  1. General Settings:
    • Assign a unique name to the policy.
    • Specify the incoming interface where the VoIP traffic will be received.
    • Choose the appropriate source and destination addresses or address groups.
  2. Action:
    • Select “Accept” or “Accept for Logging” to allow the traffic through.
  3. Security Profiles (optional):
    • Attach any necessary security profiles (such as antivirus, web filtering, etc.) based on your organization’s security policies.
  4. QoS Settings:
    • Enable the QoS option.
    • Set the “Traffic Shaping Rate” to ensure that the VoIP traffic gets sufficient bandwidth. This rate should be based on your network’s available bandwidth and the number of VoIP calls you expect to handle simultaneously.

Step 4: Define QoS Classes

  1. Under “QoS Policy,” click “Create New.”
  2. Configure the following settings:
    • Name: Give the class a descriptive name (e.g., “VoIP QoS”).
    • DSCP Marking: Choose the appropriate DSCP (Differentiated Services Code Point) value. SIP traffic typically uses DSCP value EF (Expedited Forwarding) for optimal prioritization.
    • Queue Priority: Assign a high priority to the class.

Step 5: Apply the QoS Class to the QoS Policy

  1. In the QoS policy you created earlier, find the “QoS Profile” section.
  2. Select the QoS class you defined (“VoIP QoS”) from the dropdown menu.

Step 6: Apply the QoS Policy

  1. After configuring the QoS policy, apply it to the appropriate interface(s) by editing or creating a security policy that matches the VoIP traffic.
  2. Ensure that the policy order is appropriate to capture the VoIP traffic before any other policies.

Step 7: Verify and Monitor

  1. Save the changes you made in the FortiGate web interface.
  2. Monitor the QoS performance using the FortiGate’s reporting and monitoring tools. This will help you ensure that the QoS policies are effectively prioritizing the VoIP traffic.
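As a supplement to Step 7, the following is an added example (not part of the original article and not Fortinet tooling): it reads raw IPv4 packets, such as those exported from a capture taken downstream of the firewall, and counts how many packets on SIP port 5060 carry the EF code point chosen in Step 4. The packet builder, the sample addresses and the sample packets are constructed for illustration.

```python
import struct

EF = 46          # Expedited Forwarding code point (binary 101110)
SIP_PORT = 5060  # SIP port named in this article

def build_udp_packet(src, dst, sport, dport, dscp, payload=b""):
    """Build a constructed IPv4/UDP packet (checksums left at zero)."""
    addr = lambda ip: bytes(int(octet) for octet in ip.split("."))
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2,
                         28 + len(payload), 0, 0, 64, 17, 0,
                         addr(src), addr(dst))
    udp_hdr = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    return ip_hdr + udp_hdr + payload

def sip_dscp(packet):
    """Return the DSCP of an IPv4/UDP packet to or from port 5060, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                       # truncated or not IPv4
    ihl = (packet[0] & 0x0F) * 4          # IP options move the UDP header
    if ihl < 20 or packet[9] != 17 or len(packet) < ihl + 8:
        return None                       # malformed, not UDP, or truncated
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return None                       # later fragment: no UDP header
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    if SIP_PORT not in (sport, dport):
        return None
    return packet[1] >> 2                 # DSCP is the top six bits of ToS

def audit(packets, expected=EF):
    """Count SIP packets with the expected DSCP, with another DSCP, and the rest."""
    result = {"marked": 0, "unmarked": 0, "other_traffic": 0}
    for pkt in packets:
        dscp = sip_dscp(pkt)
        if dscp is None:
            result["other_traffic"] += 1
        elif dscp == expected:
            result["marked"] += 1
        else:
            result["unmarked"] += 1
    return result

# Constructed sample: one marked SIP packet, one unmarked, one DNS packet.
SAMPLE = [
    build_udp_packet("10.0.0.10", "203.0.113.5", 5060, 5060, EF, b"INVITE"),
    build_udp_packet("10.0.0.11", "203.0.113.5", 49152, 5060, 0, b"REGISTER"),
    build_udp_packet("10.0.0.12", "198.51.100.7", 53000, 53, 0),
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A non-zero "unmarked" count means some SIP packets reached the capture point without the intended marking, which points to a policy-order or matching problem from Step 6.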


Conclusion

Enabling Quality of Service (QoS) on a FortiGate firewall for VoIP service using SIP port 5060 is essential to provide a reliable and high-quality communication experience. By following the steps outlined in this knowledge base article, you can configure QoS settings to prioritize VoIP traffic and ensure that it receives the necessary network resources for optimal performance. Remember to regularly monitor the QoS performance to make any necessary adjustments based on network conditions and usage patterns.