FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes how to verify if SIP session helper or SIP ALG are used to process the SIP traffic.

In case the SIP session helper is being used instead of the SIP ALG, one can use the #diagnose sys sip command to determine if the SIP session helper is processing SIP sessions.

For example, the following command displays the overall status of the SIP sessions being processed by the SIP session helper:
#diagnose sys sip status
dialogs: max=32768, used=0
mappings: used=0
dialog hash by ID: size=2048, used=0, depth=0
dialog hash by RTP: size=2048, used=0, depth=0
mapping hash: size=2048, used=0, depth=0
count0: 0
count1: 0
count2: 0
count3: 0
count4: 0
This command output shows that the session helper is not processing SIP sessions because all of the used and count fields are 0.
If any of these fields contains non-zero values then the SIP session helper may be processing SIP sessions.

Check if some ALG-only features are not being applied to all SIP sessions.
For example, FortiView pages displays statistics for SIP and SCCP calls processed by the ALG but not for calls processed by the session helper.
If fewer calls than expected are detected, the session helper may be processing some of them.
Check the policy usage and session information dashboard widgets to see if SIP sessions are being accepted by the wrong security policies.

#diagnose sys sip command only displays current status information.
To see the activity, the SIP session helper has to process SIP sessions when the command is entered.
For example, if the SIP session helper has been used for processing calls that ended 5 minutes ago, the command output would show no SIP session helper activity.