VoIP Clients with FortiGates
(2017-01-11)
Problem
VoIP Clients with FortiGates
Solution
Disable the SIP ALG
config system settings
set sip-helper disable
set sip-nat-trace disable
end
config system session-helper
show (locate the SIP entry, usually 13, but can vary)
delete 13 (or the number that you identified from the previous command)
end
config system settings
set default-voip-alg-mode kernel-helper-based
end
Then reboot the firewall for all of the above changes to take effect.
Alternatively
...a cheatsheet I found:
- remove SIP, RAS, and H323, usually by:
config system session-helper
delete 13
delete 3
delete 2
end
- disable sip helper and nat trace
config system settings
set sip-helper disable
set sip-nat-trace disable
end
- edit voip profile
config voip profile
edit default
config sip
set status disable
end
end
- Flush ARP cache
execute clear system arp table
- nuclear option, reset all sessions
diagnose sys session clear
Bonus
Verify SIP ALG is off using these commands:
d sys sip mapping
d sys sip-proxy calls
The first should be blank, and the second should return an error:
sip calls
Could not connect to imd monitor on /tmp/imd_monitor_socket
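An offline complement to the checks above, as an added example (not part of the original note and not Fortinet code): it reads a saved config backup, reports which of the three settings from this page are not yet applied, and finds the SIP, RAS and H323 session-helper entries by name, since the entry number can vary. It assumes a single-VDOM backup in the usual config/edit/set/next/end text layout and treats a setting that is absent from the backup as still to apply; the `audit` function and the sample backup are constructed for illustration.

```python
# Added example: audit a FortiGate config backup for leftover SIP ALG settings.
WANTED = {  # values this page sets under "config system settings"
    "sip-helper": "disable",
    "sip-nat-trace": "disable",
    "default-voip-alg-mode": "kernel-helper-based",
}
HELPER_NAMES = {"sip", "ras", "h323"}  # session helpers the cheatsheet deletes

# Constructed sample backup (not from a real device); the sip helper is entry 12 here.
SAMPLE = """\
config system settings
    set sip-helper disable
    set default-voip-alg-mode kernel-helper-based
end
config system session-helper
    edit 1
        set name pptp
        set protocol 6
        set port 1723
    next
    edit 12
        set name sip
        set protocol 17
        set port 5060
    next
end
"""

def audit(config_text):
    """Return (settings still to apply, {helper name: entry id still present})."""
    stack, entry, settings, helpers = [], None, {}, {}
    for line in (raw.strip() for raw in config_text.splitlines()):
        if line.startswith("config "):
            stack.append(line[len("config "):])      # enter a config block
        elif line == "end" and stack:
            stack.pop()                              # leave the current block
        elif line.startswith("edit "):
            entry = line.split(None, 1)[1].strip('"')  # remember the table entry id
        elif line.startswith("set ") and stack and len(line.split(None, 2)) == 3:
            _, key, value = line.split(None, 2)
            value = value.strip('"')
            if stack[-1] == "system settings":
                settings[key] = value
            elif stack[-1] == "system session-helper" and key == "name" and value in HELPER_NAMES:
                helpers[value] = entry
    todo = {k: v for k, v in WANTED.items() if settings.get(k) != v}
    return todo, helpers

if __name__ == "__main__":
    todo, helpers = audit(SAMPLE)
    print("settings still to apply:", todo)
    print("session helpers still present:", helpers)
```

Any entry id it reports under session helpers is the number to use with delete in config system session-helper.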