Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

VoIP/SIP traffic problems, RTP ports being changed by Fortigate

Some background on the problem - I've had this happen before and fixed it with someone else's help. I think the "set contact-fixup disable" command fixed it before. Now suddenly the problem is back, and seemingly without me making any config changes in our FG100E.

We have a VoIP device on our LAN, and it requires me to do port translations to access all the channels (example, for channel#3, UDP5060 gets translated to UDP5063). The problem is that the Fortigate seems to translate some ports into the 7000 range instead, and I know this is what the SIP-Helper does by default. In my config, SIP ALG is handling the SIP traffic, which I confirmed with this command: diag sys sip-proxy stat I also have these settings in the config:


config system settings set sip-nat-trace disable


config voip profile edit "VoIP" config sip set contact-fixup disable


So, here's the behavior I see when I do a packet capture within the Fortigate. The SIP negotiation works fine, it translates ports 5060 to 5063 correctly. The problem then begins when the RTCP/RTP traffic starts. I have RTP set to translate to port 6035, but my packet capture shows "Src Port: 6035, Dst Port: 7259".

I cannot figure out why it is getting changed to port 7259. I don't see anything in the text config that lists that range. Any ideas?


Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors