Disable the SIP ALG/Session Helper on the Fortigate

General

Your VoIP provider should give you the information, if the SIP ALG on the Fortigate is needed or not.

In the default setting of a Fortigate the SIP ALG is active.

Possible issues

If a VoIP provider does not require a SIP ALG/Session Helper on the Gateway but the SIP ALG/Session Helper is still active, it can among others cause the following issues:

  • One-way voice
  • Telephones not ringing
  • Issues with the registration of the Telephone can occur
  • Call transferring might fail
  • Calls that are on hold cannot be taken over

Solution

If you encounter any of the above issues, try to deactivate the SIP ALG and the session helper on the Fortigate. The commands are as follows:

 fgt # config voip profile
 fgt (profile) # edit default
 fgt (default) # config sip
 fgt (sip) # set status disable
 fgt (sip) # set rtp disable
 fgt (sip) # end
 fgt (default) # end

 fgt # config system session-helper
 fgt (session-helper) # show (this command is used to find the correct <id> for the SIP ALG)
 edit <id>
  set name sip
  set protocol 17
  set port 5060
  next
 fgt (session-helper) # delete <id>
 fgt (session-helper) # end 

The above changes will only take effect after the Fortigate has been rebooted. To reboot the Fortigate issue the command below:

fgt # execute reboot

 1,872 total views,  7 views today

Leave a Reply

Your email address will not be published. Required fields are marked *