For When You Can't Have The Real Thing
[ start | index | login ]
start > FortiOS > 5.2 > VoIP Clients with FortiGates

VoIP Clients with FortiGates

Created by dave. Last edited by dave, one year and 92 days ago. Viewed 543 times. #3
[diff] [history] [edit] [rdf]


VoIP Clients with FortiGates


Disable the SIP ALG

config system settings
set sip-helper disable
set sip-nat-trace disable
config system session-helper
show    (locate the SIP entry, usually 13, but can vary)
delete 13 (or the number that you identified from the previous command)
config system settings
set default-voip-alg-mode kernel-helper-based

Then reboot the firewall in order for all the above changes to take effect


...a cheatsheet I found on >>Reddit:

- remove SIP, RAS, and H323, usually by: 
config system session-helper
delete 13
delete 3
delete 2

- disable sip helper and nat trace config system settings set sip-helper disable end set sip-nat-trace disable end end

- edit voip profile config voip profile edit default config sip set status disable end end

- Flush ARP cache execute clear system arp table

- nuclear option, reset all sessions diagnose sys session clear


Verify SIP ALG is off using these commands:
d sys sip mapping
d sys sip-proxy calls
The first should be blank, and the second should return an error:
sip calls
Could not connect to imd monitor on /tmp/imd_monitor_socket
no comments | post comment

Virtual Dave Megaplex:

Internet Explorer 6 Users >>Click Here

(read this note about local search)

Logged in Users: (0)
… and 7 Guests.

Editing: snipsnap-help, Image Macro

(Et auditum est, et idcirco ego nunc simulare)

Installed 7 years and 102 days ago
Powered By >>SnipSnap Version 1.0b1-uttoxeter

This is a collection of techical information, much of it learned the hard way. Consider it a lab book or a /info directory. I doubt much of it will be of use to anyone else.

Useful: | Copyright 2000-2002 Matthias L. Jugel and Stephan J. Schmidt