Created on 05-10-2022 09:33 PM Edited on 05-10-2022 10:36 PM By Anonymous
Description | This article describes the situation where there is a need to delete MGCP and H323 protocols under session helper. |
Scope |
SIP is the most widely used signaling protocol when it comes to VOIP traffic, however there are a few other protocols for example, H323(mainly for video) and MGCP(voice gateways) responsible for the VOIP based on the phone make and model.
In a typical SIP or H.323 installation, administrators are required to configure both the IP PBX and the voice gateway individually.
MGCP delivers a deeper integration that allows administrators to configure the gateways from the interface of the IP PBX itself.
|
Solution |
By default, FortiGate is using SIP ALG to process SIP-related traffic, however some SIP providers recommend disabling SIP ALG in the firewall.
The way it works is as below:
1) If proxy-based is selected which is a default mode, then no matter if the session helper is configured, ALG mode supersede and session helper is doing nothing.
If the session helper number 13 is deleted and do not change it to ALG mode(proxy-based) then basically it is relying on IPv4 policy only, as for VOIP traffic which means that ALG is not configured and session helper is also not going to kick in since number 13 is deleted.
Proxy-based – default SIP ALG mode
# config system session-helper delete X //where X is the number for MGCP and H.323 end |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.