Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
JNDias
Staff & Editor
Staff & Editor

Created on ‎09-20-2024 07:14 AM Edited on ‎11-26-2025 10:41 PM By Community Manager

Article Id 342841

Technical Tip: VoIP and SIP configuration and troubleshooting resource lists

Description

 

This article provides a list of resources that can be used to configure and troubleshoot VoIP on FortiGate.

 

Scope

 

FortiGate.

 

Solution

 

General Settings
Title and Links Description
VoIP solutions Fortigate Official FORTINET libraries and use cases.
Technical Tip: Changes in SIP ALG's behavior after upgrading in v7.0 or v7.2 GA versions Changes in default behavior in v7.0.0 and v7.2.0 for SIP ALG.
Technical Tip: VOIP calls (using SIP)  
Technical Tip: Disabling VoIP Inspection Disable SIP-inspection on FortiGate and explain the consequences.
Technical Tip: SIP ALG to prevent unwanted calls Use the SIP ALG to prevent the ALG from opening SIP pinholes for unwanted VoIP calls.
Technical Tip: VoIP profile to policy where no SIP inspection is required Apply the VoIP profile where SIP inspection is not required for specific traffic crossing the IPv4 policy.
Technical Tip: When to use each VoIP ALG mode setting on FortiGate Recommended scenarios for to use of each VoIP mode that is available on a FortiGate firewall.
Technical Tip: How SIP-ALG and Session helper works in FortiGate Methods to choose SIP-ALG and Session Helper.
Technical Tip: Prevent attackers from using outbound ports/sessions to register to an internal PBX Prevent malicious actors from trying to register on an internal PBX by scanning the FortiGate WAN IP.

 

Troubleshooting
Title and Links Description
Technical Tip: SIP useful Commands Troubleshooting SIP traffic (sip session-helper or SIP-ALG).
Technical Tip: Checking VOIP traffic flow using Wireshark How to use Wireshark to help view or understand the VOIP flow.
Troubleshooting Tip: How to overcome a situation where a SIP call remains active after remote party ... A situation where a SIP call remains active after the remote party's call termination.
Troubleshooting Tip: Port 5060 and port 2000 receives getting a SYN-ACK from FortiGate when nmap is ... Why is a SYN-ACK seen from FortiGate when nmap is initiated toward a non-existing IP address.
Troubleshooting Tip: No audio with SIP, debug flow shows error message 'iprope_in_check() check fail... Issue where no audio is audible for phones, and debug logs show the error 'iprope_in_check() check failed on policy 0, drop' even when a policy is configured.
Troubleshooting Tip: One way Audio issue in VOIP (with SIP ALG) How SIP ALG processes VoIP traffic and why one-way audio issues may occur.
Technical Tip: VOIP Profile missing on GUI or UTM Profile VoIP profiles in the UTM features of the GUI.
Troubleshooting Tip: VoIP audio issues due to packet loss - DoS policy thresholds How to resolve VoIP audio issues caused by packet loss while using FortiGate.
Troubleshooting Tip: VoIP traffic logging as a troubleshooting and monitoring tool Use logging in VoIP profiles to monitor traffic and/or troubleshoot VoIP-related issues in SIP or SCCP protocols.
Technical Tip: SIP Helper / ALG preserve source IP and port information The NAT firewall policy that accepts SIP sessions removes the original IP in SDP.
Troubleshooting Tip: How WIFI Calling works (VoWIFI) work through FortiGate How to successfully establish a VoWIFI call (WIFI Calling Service).
Technical Tip: 3CX Server Mapping does not match Explains why the local 3CX VoIP server trough an error 'Mapping does not match <port>Mapping is <another_port>'.
Troubleshooting Tip: How to overcome a situation where SIP calls are disconnected within 30 seconds ... Why are SIP calls disconnected within 30 seconds after being answered.
Troubleshooting Tip: An SIP call cannot be established and the destination party returns an SIP mess... How to resolve a situation where a SIP call cannot be established and the destination party returns a SIP message containing 'Status: 415 Unsupported Media Type'.
Troubleshooting Tip: How to resolve a situation where a SIP calls between branches have no audio

How to resolve a situation where SIP calls between branches have no audio, but calls from branches to the main office (and vice-versa) work fine.
Troubleshooting Tip:SIP call cannot be established and the destination party returns a SIP message c... 

How to resolve a situation where a SIP call cannot be established, and the destination party returns a SIP message containing 'Status: 302 Moved Temporarily'.
Technical Tip: How to overcome a situation where a SIP call cannot be established and the destinatio... 

How to resolve a situation where a SIP call cannot be established and the destination party returns a SIP message containing 'Status: 488 Not Acceptable Here'.
Troubleshooting Tip: SCCP (TCP port 2000) traffic stops working after upgrading from v7.0.12 to v7.2...

This article describes how the VoIPD daemon's default behavior changes in v7.2.7 can impact SCCP (TCP 2000) traffic.

 

List of Resource Lists: Technical Tip: FortiGate Resource Lists.

14301
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.