FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
gmanea
Staff
Staff
Article Id 190757

Description

This article explains how to confirm if SIP traffic is being handled by SIP ALG or by SIP session-helper.


Solution
By default, FortiGate is using SIP ALG to process SIP traffic.

Verify it by checking the configuration and counters:

FortiGate # show full system setting | grep default-voip-alg-mode
#set default-voip-alg-mode proxy-based

Proxy-based         <----- Default SIP ALG mode.
Kernel-helper-based <----– SIP session helper.

To verify counters based on the mode:

1) If SIP Sessions Helper is handling the SIP traffic, the command below will display counters:

FortiGate # diag sys sip status
dialogs: max=131072, used=0
mappings: used=0
dialog hash by ID: size=8192, used=0, depth=0
dialog hash by RTP: size=8192, used=0, depth=0
mapping hash: size=8192, used=0, depth=0
count0: 0
count1: 2
count2: 10
count3: 0
count4: 0

2) If SIP ALG is handling the SIP traffic, the command below will display counters:

FortiGate # diag sys sip-proxy stat
sip stats

vdom name: root
---------------------------
     active-sessions: 1
     calls-attempted: 57
     calls-established: 27
     calls-failed: 30

     calls-active: 0
     registers-active: 1
              |     received  |     blocked   |  unknown form |  long headers
     req-type |    req    resp|    req    resp|    req    resp|    req    resp
     UNKNOWN         0   47227       0   47227       0   47227       0       0
     ACK            86       0       0       0       0       0       0       0
     BYE            27      27       0       0       0       0       0       0
     CANCEL         14      14       0       0       0       0       0       0
     INFO            0       0       0       0       0       0       0       0
     INVITE        107     223       0       0       0       0       0       0
     MESSAGE         0       0       0       0       0       0       0       0
     NOTIFY       5789    5788       0       0       0       0       0       0
     OPTIONS         0       0       0       0       0       0       0       0
     PRACK           0       0       0       0       0       0       0       0
     PUBLISH     10371     802       0       1       0       0       0       0
     REFER           2       2       0       0       0       0       0       0
     REGISTER   100678   81543      25       0      25       0       0       0
     SUBSCRIBE   19857   13333       0       2       0       0       0       0
     UPDATE          0       0       0       0       0       0       0       0
     PING            0       0       0       0       0       0       0       0

To verify based on the session created by SIP port :

 

First filter and display the session:

# diag sys session filter dport 5060

# diag sys session filter dst x.x.x.x (public IP of the SIP provider)

# diag sys session list

Then look for the flags:

1. If session has "ndr" flag >> flow SIP (ips) handles the traffic

2. If session has "redir" and "local" flags >> SIP ALG handles the traffic

3. If session only has "helper=sip" >> SIP kernel helper (session-helper)

 

Related links.
https://docs.fortinet.com/document/fortigate/6.4.5/administration-guide/858887/voip-solutions
https://docs.fortinet.com/document/fortigate/6.2.7/cookbook/858887/voip-solutions
https://pub.kb.fortinet.com/ksmcontent/Fortinet-Public/current/FortiGate_6_0/fortigate-sip-603.pdf
https://kb.fortinet.com/kb/documentLink.do?popup=true&externalID=fortigate-voip-sip-521pdf

Related Articles

Technical Tip: VOIP calls (using SIP)

Technical Tip: Disabling VoIP Inspection

Techincal Tip: SIP useful Commands

Technical Tip: Enabling the SIP Application Layer Gateway (ALG)

Technical Tip: How to confirm if FortiGate is using SIP Session Helper or SIP ALG

Technical Tip: How to use the SIP ALG to prevent unwanted calls

SIP and SCCP Traffic is Handled by the VoIP ALG/Proxy by default in FortiOS 5.2

Contributors