Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
JNDias
Staff
Staff

Created on ‎09-20-2024 07:14 AM Edited on ‎12-02-2024 05:33 AM By Moderator

Article Id 342841

Technical Tip: VoIP and SIP configuration and troubleshooting resource lists

Description

 

This article provides a list of resources that can be used to configure and troubleshoot VoIP on FortiGate.

 

Scope

 

FortiGate.

 

Solution

 

General Settings
Title and Links Description
VoIP solutions Fortigate - Document Libary Official FORTINET libraries and usecases.
Changes in SIP ALG's behavior after upgrading in v7.0 or v7.2 GA versions Changes in default behavior in v7.0.0 and v7.2.0 for SIP ALG.
VOIP calls (using SIP)  
Disabling VoIP Inspection Disable SIP-inspection on FortiGate and explains the consequences.
SIP ALG to prevent unwanted calls Use the SIP ALG to prevent the ALG to open SIP pinholes for unwanted VoIP calls.
VoIP profile to policy where no SIP inspection is required Apply VoIP profile where SIP inspection is not required for specific traffic crossing IPv4 policy.
When to use each VoIP ALG mode setting on FortiGate Recommended scenarios for to use of each VoIP mode that is available on a FortiGate firewall.
How SIP-ALG and Session helper works in FortiGate Methods to choose SIP-ALG and Session Helper.
Prevent attackers from using outbound ports/sessions to register to an internal PBX Prevent malicious actors from trying to register into an internal PBX by scanning the FortiGate WAN IP.

 

Troubleshooting
Title and Links Description
SIP useful Commands Troubleshooting SIP traffic (sip session-helper or SIP-ALG).
Checking VOIP traffic flow using Wireshark How to use Wireshark to help view or understand the VOIP flow.
How to overcome a situation where a SIP call remains active after remote party call termination. A situation where a SIP call remains active after remote party call termination.
Port 5060 and port 2000 receives getting a SYN-ACK from FortiGate when nmap is initiated toward a no... Why a SYN-ACK is seen from FortiGate when nmap is initiated toward a non-existing IP address.
No audio with SIP, debug flow shows error message 'iprope_in_check() check failed on policy 0, drop' Issue where no audio is audible for phones and debug logs shows the error 'iprope_in_check() check failed on policy 0, drop' even when a policy is configured.
One way Audio issue in VOIP (with SIP ALG) How SIP ALG processes VoIP traffic and why one-way audio issues may occur.
VOIP Profile missing on GUI or UTM Profile VoIP profiles in UTM features of the GUI.
VoIP audio issues due to packet loss - DoS policy thresholds How to resolve VoIP audio issues caused by packet loss while using FortiGate.
VoIP traffic logging as a troubleshooting and monitoring tool Use logging in VoIP profiles to monitor traffic and/or troubleshoot VoIP related issues in SIP or SCCP protocols.
SIP Helper / ALG preserve source IP and port information NAT firewall policy that accepts SIP sessions remove the original IP in SDP.
How to troubleshoot WIFI Calling Service (VoWIFI) through Fortigate How to successfully establish a VoWIFI call (WIFI Calling Service).
3CX Server Mapping does not match Explains why local 3CX VoIP server trough error 'Mapping does not match <port>Mapping is <another_port>'.
How to overcome a situation where SIP calls are disconnected within 30 seconds after being answered Why SIP calls are disconnected within 30 seconds after being answered.
Troubleshooting Tip: An SIP call cannot be established and the destination party returns an SIP mess... How to resolve a situation where a SIP call cannot be established and the destination party returns a SIP message containing 'Status: 415 Unsupported Media Type'.
Troubleshooting Tip: How to resolve a situation where a SIP calls between branches have no audio

How to resolve a situation where SIP calls between branches have no audio, but calls from branches to the main office (and vice-versa) works fine.
Troubleshooting Tip:SIP call cannot be established and the destination party returns a SIP message c... 

How to resolve a situation where a SIP call cannot be established and the destination party returns a SIP message containing 'Status: 302 Moved Temporarily'.
Technical Tip: How to overcome a situation where a SIP call cannot be established and the destinatio... 

How to resolve a situation where a SIP call cannot be established and the destination party returns a SIP message containing 'Status: 488 Not Acceptable Here'.

 

List of Resource Lists: Technical Tip: FortiGate Resource Lists

5390
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.