{"id":2101,"date":"2016-06-10T05:29:28","date_gmt":"2016-06-10T05:29:28","guid":{"rendered":"http:\/\/pariswells.com\/blog\/?p=2101"},"modified":"2021-05-24T00:02:59","modified_gmt":"2021-05-24T00:02:59","slug":"how-to-enable-sip-traffic-outboundinbound-on-fortinetfortigate","status":"publish","type":"post","link":"https:\/\/pariswells.com\/blog\/networking\/how-to-enable-sip-traffic-outboundinbound-on-fortinetfortigate","title":{"rendered":"How to enable SIP traffic outbound\/inbound on Fortinet\/Fortigate"},"content":{"rendered":"<p>Below changes were added.<\/p><ul><li>Added TCP 5060 for SIP(As sometimes this can be TCP\/UDP) for all WANS<\/li><li>RTP port range 6200 \u2013 6214\u00a0added for Inbound for\u00a0all WANS<\/li><li>SIP domains allowed for Inbound for all WANS<\/li><\/ul><p>SIP ALG turn off \u2013 Need to run below commands if it\u2019s required. Best to test the phones after above changes.<\/p><p>&nbsp;<\/p><p><strong>en the Fortigate CLI from the dashboard and enter the following commands:<\/strong><\/p><ul><li><code>config system settings<\/code><\/li><li><code>set sip-helper disable<\/code><\/li><li><code>set sip-nat-trace disable<\/code><\/li><li>reboot the device<\/li><\/ul><p><strong>Re-open the CLI and enter the following commands:<\/strong><\/p><ul><li><code>config system session-helper<\/code><\/li><li><code>show<\/code>\u00a0\u00a0\u00a0\u00a0(locate the SIP entry, usually 12, but can vary)<\/li><li><code>delete 12<\/code>\u00a0\u00a0\u00a0\u00a0(or the number that you identified from the previous command)<\/li><\/ul><p><strong>Disable RTP processing as follows:<\/strong><\/p><ul><li><code>config voip profile<\/code><\/li><li><code>edit default<\/code><\/li><li><code>config sip<\/code><\/li><li><code>set rtp disable<\/code><\/li><\/ul><p>&nbsp;<\/p><p>&nbsp;<\/p><pre class=\"prettyprint\"><span class=\"pln\">config system settings<\/span><br \/><span class=\"kwd\">set<\/span> <span class=\"kwd\">default<\/span><span class=\"pun\">-<\/span><span class=\"pln\">voip<\/span><span class=\"pun\">-<\/span><span class=\"pln\">alg<\/span><span class=\"pun\">-<\/span><span class=\"pln\">mode kernel<\/span><span class=\"pun\">-<\/span><span class=\"pln\">helper<\/span><span class=\"pun\">-<\/span><span class=\"pln\">based<\/span><br \/><span class=\"kwd\">end<\/span><\/pre><p>Important is that you need to configure it on all the VDOM`s<br \/>\u00a0<br \/>A reboot is not necessary, Clearing the sessions worked for us:<\/p><pre class=\"prettyprint\"><span class=\"pln\">diagnose sys session filter<\/span><br \/><span class=\"pln\">diagnose sys session filter dport <\/span><span class=\"lit\">5060<\/span><br \/><span class=\"pln\">diagnose sys session clear<\/span><br \/><span class=\"pln\">diagnose sys session filter dport <\/span><span class=\"lit\">2000<\/span><br \/><span class=\"pln\">diagnose sys session clear<\/span><\/pre><p>&nbsp;<\/p><p><a href=\"https:\/\/www.infosecmonkey.com\/2021\/03\/08\/troubleshooting-sip-on-fortigate-firewalls\/\">Great diagnosis guide as well here\u00a0<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>Below changes were added.Added TCP 5060 for SIP(As sometimes this can be TCP\/UDP) for all WANSRTP port range 6200 \u2013 6214\u00a0added for Inbound for\u00a0all WANSSIP domains allowed [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1527],"tags":[1486,1251,1250,1428,1429,1116,1534,1533],"class_list":["post-2101","post","type-post","status-publish","format-standard","hentry","category-networking","tag-allow","tag-fortigate","tag-fortinet","tag-inbound","tag-outbound","tag-port","tag-ports","tag-sip"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/2101","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/comments?post=2101"}],"version-history":[{"count":3,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/2101\/revisions"}],"predecessor-version":[{"id":5092,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/2101\/revisions\/5092"}],"wp:attachment":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/media?parent=2101"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/categories?post=2101"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/tags?post=2101"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}