Is your VoIP phone not working on your network behind your FortiGate firewall? This could be your fix. When configuring SIP on a FortiGate, it is recommended to disable the SIP session-helper and work with the SIP Application Layer Gateway to ensure compatibility across SIP systems.
Log in to your Fortinet firewall in the browser and open the CLI from the dashboard.
1 – Check the session-helper number:
FGT# show system session-helper
edit 12 (1)
set name sip
set port 5060
set protocol 17
(1) Use this ID for the next step.
2 – Then remove this session-helper:
FGT# config system session-helper
FGT#(session-helper) delete 12
FGT#(session-helper) end
3 – Reboot the FortiGate in order for the above changes to take effect
4 – Create a Protection Profile with SIP enabled
Instructions for FortiOS 4.0 and above
1 – Enter the following command to add an application control list called App_list_SIP, enable SIP support in the list, and limit REGISTER and INVITE requests to 100 requests per second per firewall policy (values are given as an example).
config application list
edit App_list_SIP
config entries
edit 1
set category voip
set application SIP
set register-rate 100
set invite-rate 100
end
end
2 – Enter the following command to add the App_list_SIP to a protection profile called SIP_Profile.
config firewall profile
edit SIP_Profile
set application-list-status enable
set application-list App_list_SIP
end
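
Steps 1 and 2 above depend on reading the correct entry ID from the CLI output, and that ID can differ from one device to another. As an added example (not part of the original article and not a Fortinet tool), this Python script parses saved `show system session-helper` output, finds every entry named sip, and prints the matching delete commands. The sample output and the function names are constructed for illustration.

```python
import re

# Constructed sample of `show system session-helper` output (not from a real device).
SAMPLE_OUTPUT = """\
config system session-helper
edit 1
set name pptp
set port 1723
set protocol 6
next
edit 12
set name sip
set port 5060
set protocol 17
next
end
"""

def parse_session_helpers(text):
    """Return {entry_id: {"name": ..., "port": ..., "protocol": ...}}."""
    helpers, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"edit\s+(\d+)\b", line)  # tolerates a trailing note such as "(1)"
        if m:
            current = int(m.group(1))
            helpers[current] = {}
            continue
        m = re.match(r"set\s+(\S+)\s+(.+)$", line)
        if m and current is not None:
            helpers[current][m.group(1)] = m.group(2).strip().strip('"')
        elif line in ("next", "end"):
            current = None
    return helpers

def sip_helper_ids(helpers):
    """IDs of every entry named sip, sorted; empty if the helper is already removed."""
    return sorted(i for i, h in helpers.items() if h.get("name", "").lower() == "sip")

def removal_commands(ids):
    """CLI lines for step 2, one delete per SIP entry; empty list if nothing to remove."""
    if not ids:
        return []
    return ["config system session-helper"] + [f"delete {i}" for i in ids] + ["end"]

if __name__ == "__main__":
    print("\n".join(removal_commands(sip_helper_ids(parse_session_helpers(SAMPLE_OUTPUT)))))
```

Running the same parser on the output after the reboot in step 3 should return an empty list, which confirms the helper is gone.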