Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rfs3pa
New Contributor II

Created on ‎01-03-2025 01:21 PM

SIP ALG on Dual-WAN

I'm on a FortiGate 61F running 7.4.3.  I have a VoIP PBX behind it using SIP Trunks.  When this was all set up originally I only had a single WAN connection (connected to WAN 2), and I did have to disable the SIP ALG helper in order to resolve dropped call issues.  I used this command and found the entry dealing with SIP and port 5060:

config system session-helper
show

I deleted it and all was well.  

Now I have added a backup ISP which is connected to WAN 1.  When on the backup I have calls dropping and I narrowed it down to SIP ALG by using a SIP ALG detector exe.  

When I run the detector on a laptop behind the forti on primary WAN it does not detect SIP ALG.

When I run the detector on a laptop behind the forti on backup WAN it does not detect SIP ALG on TCP.

When I run the detector on a laptop connected directly to the backup WAN modem it does not detect SIP ALG.

I thought deleting that session-helper entry was global, not just for one of the WAN ports.  And my policies are configured to use the zone that both WANs are in so I don't think that is the issue.  The screenshot below is the only policy that deals with my IP PBX.  This is in place to prevent inspection of traffic from the PBX.

 

Any advice where to look would be much appreciated.  Thanks!

 
 

SIP.png

Labels:
141
0 Kudos
3 REPLIES 3
Dhruvin_patel
Staff
Staff

Created on ‎01-04-2025 11:38 AM

Greetings!

 

I understand the SIP session helper is disabled as you have deleted the  config associated to the session helper

"config system session-helper
show"

 

However, have you verified SIP ALG settings? 

 

If the SIP ALG is disabled, then the setting will look as follows.

 

config system settings
    set default-voip-alg-mode kernel-helper-based
end

 ref: https://docs.fortinet.com/document/fortigate/7.6.1/administration-guide/147933/sip-alg-and-sip-sessi...

 

Please check the SIP ALG settings.

 

Regards!

If you have found a solution, please like and accept it to make it easily accessible to others.

Dhruvin Patel
86
rfs3pa
New Contributor II

Created on ‎01-06-2025 05:03 AM

I ran the show command there and verified that it looks like you said it should.

 

HomeOffice (settings) # show
config system settings
set default-voip-alg-mode kernel-helper-based
end

43
rfs3pa
New Contributor II

Created on ‎01-06-2025 10:17 AM

Interesting Update - This is happening on a 61F running 7.4.3.  I ported the conifg from it over to a 61E running 7.4.6 and I am not having the SIP ALG issues on that one.  I will upgrade the 61F tonight once the business is closed and see what happens. 

 

Any ideas on why this would be?

20
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.