How to enable SIP traffic outbound/inbound on Fortinet/Fortigate

Written by paris on . Posted in Networking

Below changes were added.

  • Added TCP 5060 for SIP(As sometimes this can be TCP/UDP) for all WANS
  • RTP port range 6200 – 6214 added for Inbound for all WANS
  • SIP domains allowed for Inbound for all WANS

SIP ALG turn off – Need to run below commands if it’s required. Best to test the phones after above changes.

 

en the Fortigate CLI from the dashboard and enter the following commands:

  • config system settings
  • set sip-helper disable
  • set sip-nat-trace disable
  • reboot the device

Re-open the CLI and enter the following commands:

  • config system session-helper
  • show    (locate the SIP entry, usually 12, but can vary)
  • delete 12    (or the number that you identified from the previous command)

Disable RTP processing as follows:

  • config voip profile
  • edit default
  • config sip
  • set rtp disable

 

 

config system settings
set default-voip-alg-mode kernel-helper-based
end

Important is that you need to configure it on all the VDOM`s
 
A reboot is not necessary, Clearing the sessions worked for us:

diagnose sys session filter
diagnose sys session filter dport 5060
diagnose sys session clear
diagnose sys session filter dport 2000
diagnose sys session clear

 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags: allow, Fortigate, Fortinet, inbound, outbound, port, ports, SIP

Trackback from your site.