• Home
  • Troubleshooting
  • Firewalls

Disabling SIP ALG on a Fortigate Firewall

Written by Marissa Orsini

Updated at April 27th, 2023

Contact Us

  • The Essentials
    FAQs Forms
  • Announcements
    Carrier Events mFax Events Platform Events Release Notes
  • Billing Administration
    Datagate OneBill
  • Faxing
    mFax - Analog mFax - Digital Native Fax
  • Hardware & Software
    Manual Configuration Provisioning NDP Axis Cisco Fanvil Grandstream Polycom Snom Yealink Mobile Applications Desktop Applications Mobile-X SNAPbuilder TeamMate Connector UC Integrator
  • Hosted Voice
    Auto Attendants Branding Call Queues Call Routing CDRs Conferencing E-911 Features Fraud Integrations Inventory / Phone Numbers Local & Toll Free Porting Onboarding Recommendations SNAP.HD SIP Trunking SMS / MMS Users Voicemail Caller ID
  • Troubleshooting
    VoIPmonitor Firewalls PBX
  • Ray's Stuff
+ More

Table of Contents

Disabling SIP ALG

Scope:

The following article will show you how to disable the SIP ALG setting on a Fortigate Firewall.

 

Requirements:

CLI access to the Fortigate Firewall

 

 

Disabling SIP ALG


  1. Open the CLI interface for your Fortigate Firewall
    1. Before making any changes be sure to backup your configuration
  2. In the CLI enter the following commands 
    1. Use the following commands for a device on FortiOS starting at 6.2.2
    2. config system settings
    3. set sip-expectation disable
    4. set sip-nat-trace disable
    5. set default-voip-alg-mode kernel-helper-based
    6. end
  3. For devices below FortiOS version 6.2.2 use the following commands
    1. config system settings
    2. set sip-helper disable
    3. set sip-nat-trace disable
    4. set default-voip-alg-mode kernel-helper-based

end
 

  1. If you encounter and error while entering set default-voip-alg-mode kernel-helper-based go ahead and ignore it
  2. The rest of the configuration will be the same for all FortiOS versions
  3. Run the following commands
    1. config system session-helper
    2. show 
      1. Here you will want to find the entry for SIP, this is typically 12 but it may differ depending on software version and model
    3. delete 12
      1.  Alternatively use the entry you found in the previous step
    4. end
  4. Enter the following commands in the CLI to disable RTP processing
    1. config voip profile
    2. edit default
    3. config sip
    4. set rtp disable
    5. end
    6. end
  5. Once done go ahead and reboot the device, Fortigate firewalls do not require a reboot when you change configuration but in this case, we will need the reboot to activate the session helper changes
  6. Lastly, reboot all of your SIP Devices/Phones

 

fortigate sip alg

Was this article helpful?

Yes
No
Give feedback about this article

Related Articles

  • Sonicwall: Recommended Settings for VoIP

Knowledge Base Software powered by Helpjuice

Expand