Skip to main content
A small-business customer files a Kayako ticket: outbound calls connect, but the far side can’t hear them. The VoIP provider needs the SIP and RTP evidence in front of an engineer in two minutes, the fix on the SBC and the firewall in five, a validated test call, and a customer reply that doesn’t sound like a runaround.

Systems involved

SystemRole
KayakoSource ticket and final reply.
Asterisk / FreePBX call recordingThe actual call recording for the disputed call.
Homer / SIPCaptureSIP message trace for the call.
sngrep / pcap on SBCLive SIP and RTP capture.
Studio terminal (SBC SSH)Inspect SBC config, NAT settings, RTP pinholes.
FortiGate / Palo AltoFirewall RTP rule check and adjustment.
TestCallin / SIPpSynthetic test call to validate the fix.
Studio MemoriesCustomer-specific RTP / NAT notes.

Walkthrough

1

Pull the call evidence

Copilot reads the Kayako ticket, identifies the disputed Call-ID range from the customer’s description, and fetches the matching call recording and SIP trace from Homer for one example call. Both are attached to the workspace as artifacts.
2

Inspect the SIP trace

Copilot annotates the trace: INVITE, 100 Trying, 180 Ringing, 200 OK, ACK — all clean. The SDP shows the customer’s SBC offering an RTP address in the customer’s private range, no c= line rewrite. RTP from the customer reaches the carrier; carrier RTP heading back never arrives.
3

Live capture on the SBC

SSH to the SBC. Run sngrep filtered on the customer’s IP. Place a fresh test call from a softphone. The capture confirms the same one-way RTP pattern.
4

Identify the root cause

Copilot correlates the SBC’s NAT-traversal config with the customer’s firewall behaviour. The customer’s FortiGate is dropping inbound RTP because the pinhole was created against the wrong helper. The NAT type on the SBC also needs nat=force_rport,comedia for this customer’s subnet.
5

Stage the fix

Two changes: SBC nat setting and a FortiGate policy adjustment. Both stage in the staging panel with rollback commands. Approval prompt shows both changes side by side.
6

Push and validate

Push the SBC change. Push the FortiGate change through SSH. Run a synthetic test call through TestCallin that auto-evaluates audio in both directions. Audio is bidirectional.
7

Reply to the customer

Copilot drafts a Kayako reply: brief explanation, fix applied, validation result, no further action required from the customer’s side. Reviewed and sent.
8

Save what was learned

Save a memory tagged with the customer code: “FortiGate behind SIP-ALG; force RTP pinhole through policy 23, disable SIP-ALG on inbound rule.” Promote the diagnosis path into a procedure called One-way audio triage.

Where Studio earns its keep

  • The recording, the SIP trace, and the live capture are all on one screen — the engineer can correlate INVITE, 200 OK, and the RTP gap without opening Wireshark.
  • The fix is two changes on two systems, staged and approved together, instead of two SSH sessions and two browser tabs.
  • The test call validates the fix in the same window the engineer just made the change in — no waiting for the customer to call back.
  • The memory means the next ticket from this customer with similar symptoms is solved in 10 minutes, not 50.

Terminal

Use the terminal for live sngrep and tcpdump on the SBC.

Procedures

One-way audio triage runbook with customer code as argument.