The following article will show you how to disable the SIP ALG setting on a Fortigate Firewall.
Requirements:
- CLI access to the Fortigate Firewall
Disable SIP ALG
- Open the CLI interface for your Fortigate Firewall
- Before making any changes, be sure to back up your configuration
- Use the following commands for a device on FortiOS starting at 6.2.2
config system settings
set sip-expectation disable
set sip-nat-trace disable
set default-voip-alg-mode kernel-helper-based
end
- For devices below FortiOS version 6.2.2, use the following commands
config system settings
set sip-expectation disable
set sip-nat-trace disable
set default-voip-alg-mode kernel-helper-based
end
- If you encounter an error while entering
set default-voip-alg-mode kernel-helper-based
go ahead and ignore it
- The rest of the configuration will be the same for all FortiOS versions
- Run the following commands
config system session-helper
show
- Here you will want to find the entry for SIP; this is typically 12, but it may differ depending on software version and model
delete 12
- Alternatively use the entry you found in the previous step
end
- Enter the following commands in the CLI to disable RTP processing
config voip profile
edit default
config sip
set rtp disable
end
end
- Once done, go ahead and reboot the device. Fortigate firewalls do not require a reboot when you change configuration, but in this case we will need the reboot to activate the session helper changes
- Lastly, reboot all of your SIP Devices/Phones
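
The session-helper step above depends on reading the correct entry number for SIP from the show output before deleting anything. As an added example (not part of the original article), this Python script parses a saved copy of that output and builds the matching delete commands; the sample output is constructed for illustration and the function names are hypothetical.

```python
# Constructed sample of `show` output under `config system session-helper`
# (entry numbers and names are illustrative, not captured from a device).
SAMPLE_SHOW = """\
config system session-helper
    edit 11
        set name pmap
        set protocol 6
        set port 111
    next
    edit 12
        set name pmap
        set protocol 17
        set port 111
    next
    edit 13
        set name sip
        set protocol 17
        set port 5060
    next
end
"""

def sip_helper_ids(show_output):
    """Return the entry IDs whose helper name is 'sip'."""
    ids, current = [], None
    for line in show_output.splitlines():
        tokens = line.split()
        if len(tokens) == 2 and tokens[0] == "edit" and tokens[1].isdigit():
            current = int(tokens[1])          # entering a numbered entry
        elif tokens[:2] == ["set", "name"] and len(tokens) == 3:
            if tokens[2].strip('"').lower() == "sip" and current is not None:
                ids.append(current)
        elif tokens == ["next"]:
            current = None                    # entry closed
    return ids

def delete_commands(show_output):
    """Build the CLI lines that remove every SIP session helper found."""
    ids = sip_helper_ids(show_output)
    if not ids:
        return []  # nothing to delete: the helper is already gone
    return ["config system session-helper"] + [f"delete {i}" for i in ids] + ["end"]

if __name__ == "__main__":
    print("\n".join(delete_commands(SAMPLE_SHOW)) or "no SIP session helper present")
```

Running the same parser on the show output captured after the reboot should return an empty list, which confirms the SIP session helper is no longer loaded.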