Disabling VoIP Inspection on Fortinet
Products
FortiGate v5.2
Description
In most cases, Fortinet recommends the use of SIP/SCCP proxy/ALG.
For more details on the benefits of the SIP ALG in FortiOS, as well as information on how to troubleshoot SIP
issues, please consult the VoIP Solutions handbook.
That said, this article explains how to disable use of SIP or SCCP proxy/ALG or session helper (legacy
ALG). In this mode, FortiGate will be acting as a basic firewall.
In FortiOS 5.2, the FortiOS default is for all SIP traffic to be handled by the FortiOS proxy/ALG.
See the related article "SIP and SCCP Traffic is Handled by the VoIP ALG/Proxy by default in FortiOS 5.2".
Note: In FortiOS 5.0, if no VoIP profile was applied, the SIP session helper would be applied.
Preparation:
In preparation for removing SIP proxy & session helper functionality, two additional steps are required.
If the SIP traffic is NAT'd when passing through the FortiGate, the SIP server must be configured to use its
public IP address in the application header. All other VoIP equipment must also refer to the SIP server by its
public IP.
Firewall policies must now explicitly allow all UDP ports to be opened for the audio traffic (and not only the SIP
or SCCP control ports).
Amongst the displayed settings will be one similar to the following example:
    edit 13
        set name sip
        set protocol 17
        set port 5060
In this example, the SIP entry (13) is then removed with:
    delete 13
    end
Ideally you would only delete sessions related to VoIP traffic. However, in the case of SIP, this means not only
deleting the SIP control sessions but also all sessions opened to handle the audio (RTP) traffic. If you know
the port-range used for the audio traffic, you can be selective with your session clear by first applying a filter.
The command to clear sessions applies to ALL sessions unless a filter is applied, and therefore will interrupt
traffic.
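The selective clear described above could look like the following. This is an added example, not part of the original article: 5060 is the SIP port from the session-helper entry shown earlier, the RTP range 10000-20000 is a constructed placeholder for whatever range your VoIP equipment actually uses, and the two-argument range form of dport is assumed to be available on your FortiOS build.

```fortios
# Start from an empty filter so earlier filter settings do not carry over
diagnose sys session filter clear
# Match UDP (protocol 17) sessions to the SIP control port
diagnose sys session filter proto 17
diagnose sys session filter dport 5060
# Review what the filter matches before clearing anything
diagnose sys session list
diagnose sys session clear
# Repeat for the audio (RTP) sessions; 10000-20000 is a placeholder range
diagnose sys session filter clear
diagnose sys session filter proto 17
diagnose sys session filter dport 10000 20000
diagnose sys session list
diagnose sys session clear
# Remove the filter so later session commands are not silently restricted
diagnose sys session filter clear
```

Listing the filtered sessions before each clear confirms that only VoIP sessions match, so other traffic through the FortiGate is not interrupted.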
b) Alternatively, reboot the FortiGate using either the GUI or the CLI. The CLI command is:
execute reboot