I had a hard time getting external extensions working through a pfSense using a FortiVoice system (used to be talkswitch). I found you need to enable static ports on outgoing packets for the FortiVoice IP.
Here's how to do it:
Click Firewall -> NAT, and the Outbound tab. Click "Manual Outbound NAT rule generation (Advanced Outbound NAT (AON))" and click Save. You will then see a rule at the bottom of the page labeled "Auto created rule for LAN". Click + to copy that rule. Change the rule so it only covers the source IP of your device that needs static port, and any other settings you need. Check the "static port" box on that page, and click Save. Move the rule to the top of the list. Apply changes and this behavior will be disabled.