June 2020
Information passed along by one of our Partners for the Fortigate (Various Models)
Models tested: 30E, 60D/F, 90D, 100E
Some commands will not work on every firmware version; if one is rejected, move on to the next. The terminology has changed between firmware versions. A reboot is unnecessary until completion (or you can do a full session clear instead).
Open the CLI.
config system settings
- Type: set sip-helper disable
- Type: set sip-nat-trace disable
- Type: set sip-expectation disable
- Type: set default-voip-alg-mode kernel-helper-based
- Type: end
config system session-helper
- Type: show
- There may be multiple pages; hit the spacebar to continue
- Type: delete # (where # is the ID of the SIP helper entry)
- You must locate the SIP helper ID # only; do not delete anything else here. The deletion has no confirmation. It should look like this:
- Type: end
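Disable RTP processing as follows:
config voip profile
- Type: edit default
- Type: config sip
- Type: set rtp disable
- Type: end, then end again, to save the change and leave both configuration levels
Reboot the firewall or clear all sessions.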
The phones “may” need to be restarted. In the OnSIP Admin Portal, under the User, click registration. You should no longer see “NAT Not Detected”; you should see an external IP for NAT Address and the internal IP for contact.
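Because delete has no confirmation, it helps to confirm the SIP helper ID from the show output before typing it. The script below is an added example, not part of the partner's instructions or any Fortinet tooling: it reads pasted show output from config system session-helper and reports the single entry named sip. The sample output is constructed (only the layout of the sip entry comes from this page), and the --More-- pager marker and the function names parse_helpers and sip_helper_id are assumptions.

```python
import re

# Constructed sample of `show` output under `config system session-helper`.
# The sip entry mirrors the "edit 13 / set name sip" entry quoted on this page;
# the pptp entry and its ID are made up for the example.
SAMPLE_SHOW = """\
config system session-helper
    edit 1
        set name pptp
        set protocol 6
        set port 1723
    next
    edit 13
        set name sip
        set protocol 17
        set port 5060
    next
end
"""

def parse_helpers(show_text):
    """Return {entry_id: {setting: value}} for every edit/next block."""
    helpers, current = {}, None
    for raw in show_text.splitlines():
        line = raw.replace("--More--", "").strip()  # assumed pager residue
        m = re.fullmatch(r"edit (\d+)", line)
        if m:
            current = helpers.setdefault(int(m.group(1)), {})
        elif line == "next":
            current = None
        elif current is not None and line.startswith("set "):
            parts = line.split(None, 2)
            if len(parts) == 3:
                current[parts[1]] = parts[2].strip('"')
    return helpers

def sip_helper_id(show_text):
    """Return the one ID whose name is sip; raise if zero or several match."""
    ids = [i for i, s in parse_helpers(show_text).items() if s.get("name") == "sip"]
    if len(ids) != 1:
        raise ValueError(f"expected exactly one sip helper, found {ids}")
    return ids[0]

if __name__ == "__main__":
    print(f"delete {sip_helper_id(SAMPLE_SHOW)}")
```

If the script raises instead of printing a delete line, the output either has no sip entry (it may already be removed) or more than one, and the list should be read by hand before deleting anything.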
======
February 2018 - Information passed along by a customer for the Fortigate OS version 5.4.x
Fortigate configuration that turned off the SIP and allowed audio:
edit 13
set name sip
set port 5060
set protocol 17
next
end
config system settings
set sip-helper disable
set sip-nat-trace disable
set default-voip-alg-mode kernel-helper-based
end
Then create a rule allowing all traffic outbound from the LAN to the OnSIP public IPs, 199.7.172.0/22.
After that is done, reboot the firewall. This will clear all the sessions.