Disable SIP ALG on FortiGate

FortiOS older than software release 6.2.2

Run the following commands from the FortiGate firewall CLI:

config system settings
set sip-helper disable
set sip-nat-trace disable
set default-voip-alg-mode kernel-helper-based
end

FortiOS v6.2.2+

Run the following commands from the FortiGate firewall CLI:

config system settings
set sip-expectation disable
set sip-nat-trace disable
set default-voip-alg-mode kernel-helper-based
end

If you see an error while entering “set default-voip-alg-mode kernel-helper-based”, just ignore it.


The rest of the configuration is the same for all FortiOS versions.

Next, locate the SIP entry in the session helper list and delete it:

config system session-helper
show

Scroll down until you see an entry for SIP. In our example it was number 13, but this may be different depending on model and software release. Now execute the following commands:

delete 13
end

The last set of commands disables processing of the RTP protocol on the firewall:

config voip profile
edit default
config sip
set rtp disable
end
end

Normally FortiGate firewalls do not require a reboot when you change the configuration, but in this case it seems a reboot is needed to activate the session helper changes.

Last step: restart or power cycle all your SIP phones and devices.
