Good Morning All,
I have recently had issues with a Digium SIP phone system behind a Fortigate firewall. I searched around the internet but did not find much that gave me any help. So, I thought I would post this to try and help the community. Remember to make a backup of your configuration before you start and save it for reference in case you need to reverse in the future. I am pretty sure this will work on all 5.x.x versions.
We are in the process of setting up a Hosted Solution for virtual phone systems using VMware as the host platform and Fortigate as our firewall/NAT device.
I had trouble getting the SIP audio to work through the firewall. I had to disable the SIP-helper, SIP-NAT-Trace, and RTP in the firewall configuration. You will have to reboot the firewall after you do the following procedures in order for the changes to take effect.
1. Log in to the Fortigate CLI using your favorite method. (SSH or Dashboard)
2. At the CLI enter the following commands
a. config system settings
b. set sip-helper disable
c. set sip-nat-trace disable
d. end
e. config system session-helper
f. show (this command will give you a list of session helpers. Find the one that says SIP)
g. delete <number of the SIP entry from previous>
h. end
i. config voip profile
j. edit default
k. config sip
l. set rtp disable
m. end
Now reboot your firewall and you should be able to get audio now as long as your firewall rules and policies are correct. Mine works like a charm.
Tommy
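An added example, not part of the original post: a small Python check that reads a saved configuration backup and lists which of the changes above do not yet appear in it. It assumes a plain-text backup in the usual nested config/edit/set layout and treats a setting that is absent from the file as not applied; the sample text, the entry number 13 and the function names are constructed for illustration.

```python
# Constructed backup excerpt (not from the post); SIP session-helper entry still present.
SAMPLE = '''\
config system settings
    set sip-helper disable
    set sip-nat-trace disable
end
config system session-helper
    edit 13
        set name sip
        set protocol 17
        set port 5060
    next
end
config voip profile
    edit "default"
        config sip
            set rtp disable
        end
    next
end
'''

def parse(text):
    """Map each config/edit path (a tuple) to its {key: value} 'set' lines."""
    blocks, path = {}, []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("config "):
            path.append(line[7:])
        elif line.startswith("edit "):
            path.append(line[5:].strip('"'))
        elif line in ("end", "next") and path:
            path.pop()  # 'next' closes an edit, 'end' closes a config
        elif line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            blocks.setdefault(tuple(path), {})[key] = value.strip('"')
    return blocks

def pending_steps(text):
    """Return the post's changes that the backup does not show as applied."""
    b = parse(text)
    settings = b.get(("system settings",), {})
    todo = [f"set {k} disable" for k in ("sip-helper", "sip-nat-trace")
            if settings.get(k) != "disable"]
    todo += [f"delete {p[1]} (session-helper named sip)" for p, kv in b.items()
             if len(p) == 2 and p[0] == "system session-helper" and kv.get("name") == "sip"]
    if b.get(("voip profile", "default", "sip"), {}).get("rtp") != "disable":
        todo.append("set rtp disable (voip profile default)")
    return todo

if __name__ == "__main__":
    print(pending_steps(SAMPLE))
```

Comparing the result against the backup taken before the change gives a record of exactly which SIP handling was turned off, which is useful if the change has to be reversed later.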
Set the default alg mode to kernel based and see if it helps.
Mike Pruett