Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
JNDias
Staff
Staff

Created on ‎09-20-2024 07:14 AM Edited on ‎10-09-2024 04:34 AM By Community Manager

Article Id 342841

Technical Tip: VoIP and SIP configuration and troubleshooting resource lists

Description

 

This article provides a list of resources that can be used to configure and troubleshoot VoIP on FortiGate.

 

Scope

 

FortiGate.

 

Solution

 

General Settings
Title and Links Description
VoIP solutions Fortigate - Document Libary Official FORTINET libraries and usecases
Changes in SIP ALG's behavior after upgrading in v7.0 or v7.2 GA versions Changes in default behavior in v7.0.0 and v7.2.0 for SIP ALG
VOIP calls (using SIP)  
Disabling VoIP Inspection Disable SIP-inspection on FortiGate and explains the consequences
SIP ALG to prevent unwanted calls Use the SIP ALG to prevent the ALG to open SIP pinholes for unwanted VoIP calls
VoIP profile to policy where no SIP inspection is required Apply VoIP profile where SIP inspection is not required for specific traffic crossing IPv4 policy
When to use each VoIP ALG mode setting on FortiGate Recommended scenarios for to use of each VoIP mode that is available on a FortiGate firewall
How SIP-ALG and Session helper works in FortiGate Methods to choose SIP-ALG and Session Helper

 

Troubleshooting
Title and Links Description
SIP useful Commands Troubleshooting SIP traffic (sip session-helper or SIP-ALG)
Checking VOIP traffic flow using Wireshark How to use Wireshark to help view or understand the VOIP flow
How to overcome a situation where a SIP call remains active after remote party call termination. A situation where a SIP call remains active after remote party call termination.
Port 5060 and port 2000 receives getting a SYN-ACK from FortiGate when nmap is initiated toward a no... Why a SYN-ACK is seen from FortiGate when nmap is initiated toward a non-existing IP address
No audio with SIP, debug flow shows error message 'iprope_in_check() check failed on policy 0, drop' Issue where no audio is audible for phones and debug logs shows the error 'iprope_in_check() check failed on policy 0, drop' even when a policy is configured
One way Audio issue in VOIP (with SIP ALG) How SIP ALG processes VoIP traffic and why one-way audio issues may occur
VOIP Profile missing on GUI or UTM Profile VoIP profiles in UTM features of the GUI
VoIP audio issues due to packet loss - DoS policy thresholds How to resolve VoIP audio issues caused by packet loss while using FortiGate
VoIP traffic logging as a troubleshooting and monitoring tool Use logging in VoIP profiles to monitor traffic and/or troubleshoot VoIP related issues in SIP or SCCP protocols
SIP Helper / ALG preserve source IP and port information NAT firewall policy that accepts SIP sessions remove the original IP in SDP
How to troubleshoot WIFI Calling Service (VoWIFI) through Fortigate How to successfully establish a VoWIFI call (WIFI Calling Service)
3CX Server Mapping does not match Explains why local 3CX VoIP server trough error 'Mapping does not match <port>Mapping is <another_port>'
How to overcome a situation where SIP calls are disconnected within 30 seconds after being answered Why SIP calls are disconnected within 30 seconds after being answered.

 

List of Resource Lists: Technical Tip: FortiGate Resource Lists

1154
0 Kudos
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.