Fortinet / Fortigate

June 2020

Information passed along by one of our Partners for the Fortigate (Various Models)

Models tested: 30E, 60D/F, 90D, 100E
Some commands will not work, move on if they don’t.  The terminology has been changed depending on the firmware. A reboot is unnecessary until completion (or you can do a full session clear).

Open CLI

Config System Settings

  • Set Sip-Helper to Disable
  • Set Sip-Nat-Trace to Disable
  • Set Sip-Expectation to Disable
  • Set default-voip-alg-mode kernel-helper-based
  • Type end

Config System Session-Helper

  • Type: show
  • There may be multiple pages, hit spacebar to continue
  • Type: delete #
  • You must locate the SIP helper ID # only, do not delete anything else here. The deletion has no confirmation. It should look like this:

  • Type: end

Disable RTP processing as follows:

Config VoIP Profile

  • Edit default
  • Config sip
  • Set RTP disable

Reboot or session clear.

The phones “may” need to be restarted.  In the OnSIP Admin Portal, under the User, click registration. You should no longer see “NAT Not Detected”; you should see an external IP for NAT Address and the internal IP for contact.


February 2018 - Information passed along by a customer for the Fortigate OS version 5.4.x

Fortigate configuration that turned off the SIP and allowed audio:

Fortigate OS version 5.4.x

 edit 13

set name sip

set port 5060

set protocol 17



 config system settings

set sip-helper disable

set sip-nat-trace disable

set default-voip-alg-mode kernel-helper-based


Then create a rule allowing all traffic outbound from the LAN to the OnSIP public IPs 

After that is done reboot the firewall.  This will clear all the sessions.

Was this article helpful?
0 out of 0 found this helpful