How to disable SIP ALG on FortiGate Firewall

  1. Before making any changes be sure to backup your current configuration
  2. Open the CLI and input the following commands
    1. For Devices running FortiOS 6.2.2 and above
      1. config system settings
      2. set sip-expectation disable
      3. set sip-nat-trace disable
      4. set default-voip-alg-mode kernel-helper-based
      5. end
    2. For devices running firmware below FortiOS 6.2.2
      1. config system settings
      2. set sip-helper disable
      3. set sip-nat-trace disable
      4. set default-voip-alg-mode kernel-helper-based
      5. end
  3. If you encounter any errors while running set default-voip-alg-mode kernel-helper-based it is safe to ignore
  4. Run the following commands
    1. config system session-helper
    2. show
      1. Here you want to find the entry for sip, this is typically 12 but it may differ depending on software version and device model
    3. delete 12
      1. Replace 12 with the entry from `show
    4. end
  5. Enter the following commands in the CLI to disable RTP Processing
    1. config voip profile
    2. edit profile
    3. config sip
    4. end
    5. end
  6. Once done, go ahead and reboot the device, FortiGate firewalls usually do not require a reboot for configuration changes, but in this case we will need to reboot the device to activate the session helper changes
  7. Lastly, reboot all of your SIP Devices/Phones