Disable the SIP ALG/Session Helper on the Fortigate


Your VoIP provider should give you the information, if the SIP ALG on the Fortigate is needed or not.

In the default setting of a Fortigate the SIP ALG is active.

Possible issues

If a VoIP provider does not require a SIP ALG/Session Helper on the Gateway but the SIP ALG/Session Helper is still active, it can among others cause the following issues:

  • One-way voice
  • Telephones not ringing
  • Issues with the registration of the Telephone can occur
  • Call transferring might fail
  • Calls that are on hold cannot be taken over


If you encounter any of the above issues, try to deactivate the SIP ALG and the session helper on the Fortigate. The commands are as follows:

 fgt # config voip profile
 fgt (profile) # edit default
 fgt (default) # config sip
 fgt (sip) # set status disable
 fgt (sip) # set rtp disable
 fgt (sip) # end
 fgt (default) # end

 fgt # config system session-helper
 fgt (session-helper) # show (this command is used to find the correct <id> for the SIP ALG)
 edit <id>
  set name sip
  set protocol 17
  set port 5060
 fgt (session-helper) # delete <id>
 fgt (session-helper) # end 

The above changes will only take effect after the Fortigate has been rebooted. To reboot the Fortigate issue the command below:

fgt # execute reboot

With the following command you can check if a session helper is active on a session currently open in your FortiGates session table:

diag sys session list | grep sip


2 thoughts on “Disable the SIP ALG/Session Helper on the Fortigate

  1. Tanguy Reply

    Thank you

    I found a few more commands to enter do I need then too ?
    config system settings
    set sip-expectation disable
    set sip-nat-trace disable
    set default-voip-alg-mode kernel-helper-based

    Do I need to enable profile SIP default in my “IPv4 Policy” ?

    Thanks !

    • ata Post authorReply

      Dear customer
      According to our test there is nothing more to do than what is stated in our blog.
      If you search for “sip alg tester” on the Internet you will find some tester tools which might help you check, if the sip alg on the FortiGate is truly disabled.
      The Boll Tech Team

Leave a Reply

Your email address will not be published. Required fields are marked *