Fortinet Firewall - Disabling ALG

Fortinet Firewall - Disabling ALG

How to Disable SIP ALG on Fortinet / FortiGate

SIP ALG is used to try and avoid configuring Static NAT on a router. Its implementation, however, varies from one router to another, often making it difficult to inter-operate a router with SIP ALG enabled with a PBX. In general, you would want to disable SIP ALG and configure one to one port mapping on the router.

In this article, we will show you how to disable SIP ALG on FortiGate. On devices running FortiOs, you will need to disable this in multiple places as shown below.

  1. Open the Fortigate CLI from the dashboard
  2. Enter the following commands in FortiGate’s CLI
    1. config system settings
    2. set sip-helper disable
    3. set sip-nat-trace disable
    4. reboot the device
  3. Reopen CLI and enter the following commands (do not enter the text after //)
    1. config system session-helper
    2. show    //you need to find the entry for SIP, usually 12, but can vary
    3. delete 12     //or the number that you identified from the previous command
  4. Disable RTP processing as follows:
    1. config voip profile
    2. edit default
    3. config sip
    4. set rtp disable
    • Related Articles

    • Common VoIP Issues

      Latency and Jitter: Latency is the time gap that it takes the audio to reach the user. When you have the firewall configured to prioritize VoIP traffic, latency is not an issue. Jitter is a type of poor audio. Jitter is often an Internet Service ...
    • External Shoretel transfers having audio blocked

      Recently, we had a turnup that involved a Shoretel pbx switch in one city (in Ohio) and phones set up in the pbx in another distant city (in CA).  After several attempts to find out why the audio was being blocked on these transfers, the techs found ...