Description |
This article describes how to apply VoIP profile where SIP inspection is not required for specific traffic crossing IPv4 policy.
The latest FortiGate versions have by default VoIP SIP ALG enabled globally and sometimes the FortiGate needs to handle more than one VoIP solutions where one solution will need SIP ALG active and other VoIP solutions will not be required.
Default FortiGate configuration:
# config system settings
But if needed specific traffic does not have SIP ALG inspection active, It is possible to accomplish this by adding a VoIP profile to a specific IPv4 policy.
config voip profile
By CLI:
config firewall policy
Note: Enable VoIP feature from System -> Feature Visibility -> VoIP.
|
Scope | FortiGate. |
Solution |
Having VoIP profiles where one has SIP ALG disabled, allows one to decide which traffic needs SIP inspection and which does not at the policy level.
|
Hey Helio,
Mate, I got confused with this part : "But if needed specific traffic does not have SIP ALG inspection active, It is not possible to accomplish by adding a VoIP profile at a specific IPv4 policy."
You wrote is not possible to use a voip profile to have SIP ALG not inspecting the traffic, then you show how to apply a voip profile to do that.
Also, you started the article with this sentence: This article describes how to apply VoIP profile where SIP inspection is not required for specific traffic crossing IPv4 policy.
Regards
Danilo
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.