FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 211664
Description This article describes the situation where there is a need to delete MGCP and H323 protocols under session helper.

SIP is the most widely used signaling protocol when it comes to VOIP traffic, however there are a few other protocols for example,  H323(mainly for video) and MGCP(voice gateways) responsible for the VOIP based on the phone make and model.


In a typical SIP or H.323 installation, administrators are required to configure both the IP PBX and the voice gateway individually.


MGCP delivers a deeper integration that allows administrators to configure the gateways from the interface of the IP PBX itself.

In this way, an MGCP gateway ceases to function independently and rather is instructed, controlled, and operated by the IP PBX in much the same way that an IP phone is configured and controlled.


By default, FortiGate is using SIP ALG to process SIP-related traffic, however some SIP providers recommend disabling SIP ALG in the firewall.


The way it works is as below:


1) If proxy-based is selected which is a default mode, then no matter if the session helper is configured, ALG mode supersede and session helper is doing nothing.

2) If kernel-helper-based is configured, then it means that the initiating session helper is to assist the VOIP traffic.


If the session helper number 13 is deleted and do not change it to ALG mode(proxy-based) then basically it is relying on IPv4 policy only, as for VOIP traffic which means that ALG is not configured and session helper is also not going to kick in since number 13 is deleted.


Proxy-based – default SIP ALG mode
Kernel-helper-based – SIP session helper

Even after removing entry number 13 for SIP under session helper does not resolve the issue then it's worth trying the below:


# config system session-helper
    show full-config   //find the entry number related      to MGCP and H.323

    delete X          //where X is the number for MGCP      and H.323