Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Renante_Era
Staff
Staff

Created on ‎12-12-2024 10:16 PM

Article Id 364408

Troubleshooting Tip: How to check FortiGate config if SIP ALG is disabled

Description This article describes how to check whether the FortiGate config and SIP ALG were already disabled or not.
Scope FortiGate.
Solution

The following are the steps that can be followed when unsure if SIP ALG is disabled or not.

 

  1. Open the FortiGate CLI via GUI or SSH.
  2. Check if 5060 exists in the config. 

    show full system session-helper | grep 5060

  3. Review system settings and identify if default-voip-alg-mode is set to kernel-helper-based.

    show full system | grep default-voip-alg-mode

 

In general, SIP ALG was already disabled if port 5060 was not available in the config system session-helper, and default-voip-alg-mode was set to kernel-helper-based. 

 

Further references if SIP ALG needs to be disabled:

Disabling VoIP Inspection - Fortinet Community

One way Audio issue in VOIP (with SIP ALG... - Fortinet Community
3606
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.