Description
This article describes how to add more than one UDP port for SIP inspection on FortiGate.
Scope
FortiGate.
Solution
By default, FortiGate will use only UDP port 5060 for SIP inspection with proxy-based SIP ALG:
config system settings
    set default-voip-alg-mode proxy-based    <----- SIP ALG enabled.
end
However, checking the default port used for SIP shows that only port 5060 is configured:
config system settings
    set sip-udp-port 5060    <----- SIP ALG port configured by default.
    set gui-voip-profile enable
end
Some customers run more than one VoIP solution through FortiGate, each using a different UDP port, and need SIP inspection for each. To accomplish this, add the additional UDP ports in the CLI.
The following example shows a configuration that adds UDP port 5070:
config system settings
    set sip-udp-port 5060 5070    <----- SIP ALG listens on two ports, 5060 and 5070.
    set gui-voip-profile enable
end
This configuration makes it possible to set SIP inspection for UDP ports 5060 and 5070 at the same time.
To revert to the original configuration, use the following command to set only UDP port 5060 as active by default:
config system settings
    unset sip-udp-port
end
Setting more than one UDP port for SIP inspection allows multiple VoIP solutions to work through FortiGate at the same time.
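The following is an added example, not part of the original article or Fortinet tooling: a small Python audit that reads saved `show system settings` output and reports which UDP ports the SIP ALG inspects compared with the ports the VoIP platforms actually use. The function names and sample outputs are constructed for illustration, and it assumes, as the article states, that an absent sip-udp-port line means the default of 5060.

```python
import shlex

DEFAULT_SIP_UDP_PORTS = [5060]  # default stated in the article (assumed when unset)

def parse_system_settings(cli_text):
    """Return {option: [values]} from the 'config system settings' block."""
    settings, inside = {}, False
    for raw in cli_text.splitlines():
        line = raw.split("<-", 1)[0].strip()  # drop KB-style "<-----" annotations
        if line == "config system settings":
            inside = True
        elif inside and line == "end":
            break
        elif inside and line.startswith("set "):
            tokens = shlex.split(line)
            if len(tokens) >= 3:
                settings[tokens[1]] = tokens[2:]
    return settings

def sip_inspection_ports(cli_text):
    """UDP ports the SIP ALG listens on; falls back to the default when unset."""
    values = parse_system_settings(cli_text).get("sip-udp-port")
    if not values:
        return list(DEFAULT_SIP_UDP_PORTS)
    return sorted({int(v) for v in values})

def audit_sip_ports(cli_text, required_ports):
    """Compare the configured SIP ALG ports with the ports the VoIP platforms use."""
    settings = parse_system_settings(cli_text)
    configured = sip_inspection_ports(cli_text)
    return {
        "alg_mode": (settings.get("default-voip-alg-mode") or [None])[0],
        "configured": configured,
        "missing": sorted(set(required_ports) - set(configured)),   # SIP not inspected
        "unneeded": sorted(set(configured) - set(required_ports)),  # candidates to remove
    }

# Constructed sample outputs, not captured from a real device.
SAMPLE_DEFAULT = """config system settings
    set default-voip-alg-mode proxy-based
    set gui-voip-profile enable
end"""
SAMPLE_TWO_PORTS = """config system settings
    set default-voip-alg-mode proxy-based
    set sip-udp-port 5060 5070
    set gui-voip-profile enable
end"""

print(audit_sip_ports(SAMPLE_DEFAULT, required_ports=[5060, 5070]))
```

A non-empty "missing" list means SIP traffic on those ports passes without SIP inspection until the ports are added to sip-udp-port.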
Copyright 2025 Fortinet, Inc. All Rights Reserved.