ASIC Offloading & VoIP Quality Issues
Problem Description
Real-time VoIP applications (Discord, Teams, Zoom) exhibit high latency (>200ms) and packet loss, forcing a fallback to low-quality TCP relays. Audio input appears "damped," robotic, or near-silent to other participants, despite sounding perfect in local monitoring or DAW software.
Context This issue occurs in environments with two specific conditions:
-
Network: A "Double NAT" setup where a corporate firewall (e.g., FortiGate) sits behind an ISP router (e.g., FritzBox).
-
Audio: A multi-channel professional audio interface is used, but the microphone is connected to inputs other than channels 1 & 2 (e.g., Rear Line Inputs).
Solution 1: Network Configuration (Fixing Latency)
In Double NAT scenarios, standard firewall behavior often randomizes UDP source ports ("Port Scrambling"), breaking the peer-to-peer handshake required for low-latency VoIP. Additionally, hardware acceleration chips (ASIC/NPU) may drop these complex UDP packets.
For FortiGate (FortiOS 7.4+): You must modify the firewall policy governing the PC's traffic to force CPU processing and preserve the original source port.
-
Disable Hardware Offloading: Prevents the NPU from dropping fragmented UDP return traffic.
-
Enable Fixed Port: Forces the firewall to use the same internal source port for the external connection, allowing the upstream router to maintain the session.
CLI Commands:
config firewall policy
edit <POLICY_ID>
# Force traffic to main CPU (Software Processing)
set auto-asic-offload disable
set np-acceleration disable
# Prevent Port Translation (Fixes Double NAT Handshake)
set nat enable
set fixedport enable
# Disable Deep Inspection for Real-Time Traffic
set utm-status disable
set ssl-ssh-profile "no-inspection"
next
end
After applying, clear active sessions to force a fresh handshake:
diagnose sys session filter dport 50000 65535
diagnose sys session clear