This article describes how to apply a VoIP profile when SIP inspection is not required for specific traffic crossing an IPv4 policy.
The latest FortiGate versions have VoIP SIP ALG enabled globally by default. Sometimes the FortiGate needs to handle more than one VoIP solution, where one solution needs SIP ALG active and the other VoIP solutions do not require it.
Default FortiGate configuration:
# config system settings
    set default-voip-alg-mode proxy-based <----- SIP ALG enabled.
end
However, if specific traffic must not have SIP ALG inspection active, it is not possible to accomplish this by adding a VoIP profile at a specific IPv4 policy.
1) Create a VoIP profile with no SIP inspection from the CLI:
# config voip profile
    edit "VoIP_ALG_Off"
        config sip
            set status disable <----- Disable SIP inspection.
            set rtp disable <----- Avoid RTP pinhole creation.
        end
    next
end
2) Assign this VoIP profile to the desired policy:
# config firewall policy
    edit <policy_id> <----- ID of the desired policy.
        set name "disable VoIP"
        set utm-status enable
        set voip-profile "VoIP_ALG_Off" <----- VoIP profile assigned.
    next
end
Enable the VoIP feature from System -> Feature Visibility -> VoIP.
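To confirm after steps 1 and 2 that only the intended policies are exempt from SIP inspection, the following added example (not Fortinet code) parses a saved configuration and reports, per firewall policy, whether its VoIP profile disables SIP. The function names and the sample configuration are constructed for illustration. It assumes a single-VDOM backup and treats proxy-based as the global default when the setting is absent, as stated above.

```python
def parse_fortios(text):
    """Map each config path, e.g. ('voip profile', 'VoIP_ALG_Off', 'sip'), to its 'set' values."""
    stack, settings = [], {}
    for raw in text.splitlines():
        tok = raw.split("<-----")[0].lstrip("# \t").split() or [""]  # drop '#' prompt, '<-----' notes
        if tok[0] in ("config", "edit"):
            stack.append((tok[0], " ".join(tok[1:]).strip('"')))
        elif tok[0] == "next" and stack and stack[-1][0] == "edit":
            stack.pop()
        elif tok[0] == "end":  # closes the innermost 'config', with or without 'next'
            while stack and stack.pop()[0] != "config":
                pass
        elif tok[0] == "set" and len(tok) > 2:
            path = tuple(name for _, name in stack)
            settings.setdefault(path, {})[tok[1]] = " ".join(tok[2:]).strip('"')
    return settings

def sip_inspection_by_policy(text):
    """Return {policy_id: 'disabled' | 'profile:<name>' | 'global:<mode>'}."""
    cfg = parse_fortios(text)
    mode = cfg.get(("system settings",), {}).get("default-voip-alg-mode", "proxy-based")
    result = {}
    for path, kv in cfg.items():
        if len(path) == 2 and path[0] == "firewall policy":
            prof = kv.get("voip-profile") if kv.get("utm-status") == "enable" else None
            sip = cfg.get(("voip profile", prof, "sip"), {})
            result[path[1]] = ("disabled" if sip.get("status") == "disable"
                               else f"profile:{prof}" if prof else f"global:{mode}")
    return result

# Constructed sample, not taken from a real device.
SAMPLE = """
config voip profile
    edit "VoIP_ALG_Off"
        config sip
            set status disable
            set rtp disable
        end
    next
end
config firewall policy
    edit 10
        set utm-status enable
        set voip-profile "VoIP_ALG_Off"
    next
    edit 20
        set name "other VoIP"
    next
end
"""
```

Calling `sip_inspection_by_policy(SAMPLE)` marks policy 10 as `disabled` and policy 20 as following the global mode, so any policy unexpectedly reported as `disabled` stands out in a review.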