General
Your VoIP provider should give you the information, if the SIP ALG on the Fortigate is needed or not.
In the default setting of a Fortigate the SIP ALG is active.
Possible issues
If a VoIP provider does not require a SIP ALG/Session Helper on the Gateway but the SIP ALG/Session Helper is still active, it can among others cause the following issues:
- One-way voice
- Telephones not ringing
- Issues with the registration of the Telephone can occur
- Call transferring might fail
- Calls that are on hold cannot be taken over
Solution
If you encounter any of the above issues, try to deactivate the SIP ALG and the session helper on the Fortigate. The commands are as follows:
fgt # config voip profile fgt (profile) # edit default fgt (default) # config sip fgt (sip) # set status disable fgt (sip) # set rtp disable fgt (sip) # end fgt (default) # end fgt # config system session-helper fgt (session-helper) # show (this command is used to find the correct <id> for the SIP ALG) edit <id> set name sip set protocol 17 set port 5060 next fgt (session-helper) # delete <id> fgt (session-helper) # end
The above changes will only take effect after the Fortigate has been rebooted. To reboot the Fortigate issue the command below:
fgt # execute reboot
With the following command you can check if a session helper is active on a session currently open in your FortiGates session table:
diag sys session list | grep sip
Thank you
I found a few more commands to enter do I need then too ?
config system settings
set sip-expectation disable
set sip-nat-trace disable
set default-voip-alg-mode kernel-helper-based
end
Do I need to enable profile SIP default in my “IPv4 Policy” ?
Thanks !
Dear customer
According to our test there is nothing more to do than what is stated in our blog.
If you search for “sip alg tester” on the Internet you will find some tester tools which might help you check, if the sip alg on the FortiGate is truly disabled.
The Boll Tech Team