For When You Can't Have The Real Thing
[ start | index | login ]
start > FortiOS > 5.2 > VoIP Clients with FortiGates

VoIP Clients with FortiGates

Created by dave. Last edited by dave, 6 years and 128 days ago. Viewed 2,612 times. #3
[diff] [history] [edit] [rdf]
labels
attachments
(2017-01-11)

Problem

VoIP Clients with FortiGates

Solution

Disable the SIP ALG

config system settings
set sip-helper disable
set sip-nat-trace disable
end
config system session-helper
show    (locate the SIP entry, usually 13, but can vary)
delete 13 (or the number that you identified from the previous command)
end
config system settings
set default-voip-alg-mode kernel-helper-based
end​

Then reboot the firewall in order for all the above changes to take effect

Alternatively

...a cheatsheet I found on >>Reddit:

- remove SIP, RAS, and H323, usually by: 
config system session-helper
delete 13
delete 3
delete 2
end

- disable sip helper and nat trace config system settings set sip-helper disable end set sip-nat-trace disable end end

- edit voip profile config voip profile edit default config sip set status disable end end

- Flush ARP cache execute clear system arp table

- nuclear option, reset all sessions diagnose sys session clear

Bonus

Verify SIP ALG is off using these commands:
d sys sip mapping
d sys sip-proxy calls
The first should be blank, and the second should return an error:
sip calls
Could not connect to imd monitor on /tmp/imd_monitor_socket
no comments | post comment
This is a collection of techical information, much of it learned the hard way. Consider it a lab book or a /info directory. I doubt much of it will be of use to anyone else.

Useful:


snipsnap.org | Copyright 2000-2002 Matthias L. Jugel and Stephan J. Schmidt