How to enable SIP traffic outbound/inbound on Fortinet/Fortigate

The following changes were made:

  • Added TCP 5060 for SIP (as this can sometimes be TCP/UDP) for all WANs
  • Added RTP port range 6200 – 6214 for inbound for all WANs
  • Allowed SIP domains for inbound for all WANs

Turning off SIP ALG: run the commands below if required. It is best to test the phones after the above changes.

Open the FortiGate CLI from the dashboard and enter the following commands:

  • config system settings
  • set sip-helper disable
  • set sip-nat-trace disable
  • end
  • reboot the device

Re-open the CLI and enter the following commands:

  • config system session-helper
  • show    (locate the SIP entry, usually 12, but can vary)
  • delete 12    (or the number that you identified from the previous command)
  • end

Disable RTP processing as follows:

  • config voip profile
  • edit default
  • config sip
  • set rtp disable
  • end
  • end

config system settings
set default-voip-alg-mode kernel-helper-based
end

Importantly, you need to configure this on all the VDOMs.

A reboot is not necessary; clearing the sessions worked for us:

diagnose sys session filter
diagnose sys session filter dport 5060
diagnose sys session clear
diagnose sys session filter dport 2000
diagnose sys session clear
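
To check the settings above on every VDOM without logging in to each one, the following added example (not part of the original post, and not Fortinet code) parses a saved configuration backup and lists the VDOMs where the page's values are not explicitly set, plus the ID of any remaining SIP session-helper entry. It assumes a multi-VDOM backup laid out as `config vdom` / `edit <name>` blocks; the sample text, the VDOM names and the `audit` function name are constructed for illustration.

```python
# Values this page sets under "config system settings".
WANTED = {"sip-helper": "disable", "sip-nat-trace": "disable",
          "default-voip-alg-mode": "kernel-helper-based"}
# Constructed, simplified backup excerpt; VDOM names "root"/"voice" are made up.
SAMPLE = """\
config vdom
edit root
config system settings
    set sip-helper disable
    set sip-nat-trace disable
    set default-voip-alg-mode kernel-helper-based
end
end
config vdom
edit voice
config system settings
    set sip-nat-trace disable
end
config system session-helper
    edit 12
        set name sip
    next
end
end
"""

def audit(text):
    """Return ({vdom: {setting: value found or None}}, [(vdom, helper id)])."""
    stack, vdom, entry, seen, sip = [], None, None, {}, []
    for line in text.splitlines():
        tok = [t.strip('"') for t in line.split()] or [""]
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))       # enter a nested block
        elif tok[0] == "end" and stack:
            stack.pop()
            vdom = vdom if stack else None         # left the outer "config vdom"
        elif tok[0] == "edit" and stack == ["vdom"]:
            vdom = tok[1]                          # start of a VDOM section
            seen.setdefault(vdom, {})
        elif tok[0] == "edit":
            entry = tok[1]                         # table entry, e.g. helper ID
        elif tok[0] == "set" and len(tok) >= 3 and stack:
            if stack[-1] == "system settings" and vdom:
                seen[vdom][tok[1]] = tok[2]
            elif stack[-1] == "system session-helper" and tok[1:3] == ["name", "sip"]:
                sip.append((vdom, int(entry)))     # SIP helper still present
    gaps = {v: {k: s.get(k) for k, w in WANTED.items() if s.get(k) != w}
            for v, s in seen.items()}
    return {v: g for v, g in gaps.items() if g}, sip
```

Calling `audit(SAMPLE)` flags only the `voice` VDOM and reports helper entry 12 there. A setting reported as `None` is absent from the backup text, so confirm its effective value on the device.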

 

Great diagnosis guide as well here 
