Fortigate: SIP and the session helper and ALG

By default the Fortigate has the SIP session helper enabled. In most cases this is unneeded and unwanted and should probably be turned off.

The following steps can be taken to disable the SIP session helper:

#config system session-helper
#show   <--- use this to display all the session helpers to find the SIP entry
#delete <sip entry>
#end
#config system settings
#set sip-helper disable
#end

The following will delete all active SIP dialogs currently being processed by the SIP helper:

#diag sys sip dialog clear

 

SIP ALG

If SIP inspection/header modification is needed then the ALG should be used in most cases. The ALG is enabled by applying the VoIP UTM profile to your firewall policies. In some cases the VoIP profile is hidden in the GUI and needs to be enabled first:

System —> Admin —> Settings —-> Display Options on GUI, enable VoIP

 

Leave a Reply