Is your VOIP phone not working in your network over you fortigate firewall? This could be your fix.When configuring SIP on a FortiGate, it is recommended to disable the SIP session-helper and work with the SIP Application Layer Gateway to ensure compatibility across SIP systems.
Login to your fortinet firewall on the browser and open the CLI in the dashboard.
1- Check the Session-helper number:
FGT# show system session-helper
edit 12 (1)
set name sip
set port 5060
set protocol 17
next
(1) Use this ID for the next step
2- then remove this session-helper:
FGT# config system session-helper
FGT#(session-helper) delete 12
FGT#(session-helper) end3 – Reboot the FortiGate in order for the above changes to take effect
3 – Reboot the FortiGate in order for the above changes to take effect
4 – Create a Protection Profile with SIP enabled
Instruction for FortiOS 4.0 and above
1 – Enter the following command to add an application control list called App_list_SIP, enable SIP support in the list, and limit REGISTER and INVITE requests to 100 requests per second per firewall policy (values are given as an example).
config application list
edit App_list_SIP
config entries
edit 1
set category voip
set application SIP
set register-rate 100
set invite-rate 100
end
end
2 – Enter the following command to add the App_list_SIP to a protection profile called SIP_Profile.
config firewall profile
edit SIP_Profile
set application-list-status enable
set application-list App_list_SIP
end
Merely wanna comment on few general things, The website pattern is perfect, the subject material is real good. “The way you treat yourself sets the standard for others.” by Sonya Friedman.