Categories
Knowledge Base Technical

Fortigate issues such as one way audio on Call Pickup With Hosted Asterisk and other problems.

We have noted that with some Fortigate routers and firewalls come with SIP helpers enabled by default.

The customer may initially not think that there is any issue and inbound and outbound calls work as expected, But we had noted on one customer site that when they did a call pickup on another phone that was ringing in the office they would not be able to hear the caller. The caller could hear them and if they put the call on and off hold they could speak normally.

On further  investigation with wireshark we noted that the RTP port changed when the pickup took place. We tested this on other sites not using the Fortigate hardware and did not have this issue.

Below are listed the commands to clear the SIP helper settings from the Fortigate hardware.

  1. Open the Fortigate CLI from the dashboard.
  2. Enter the following commands in FortiGate’s CLI:
    • config system settings
    • set sip-helper disable
    • set sip-nat-trace disable
    • reboot the device
  3. Reopen CLI and enter the following commands – do not enter the text after //:
    • config system session-helper
    • show    //locate the SIP entry, usually 12, but can vary.
    • delete 12     //or the number that you identified from the previous command.
  4. Disable RTP processing as follows:
    • config voip profile
    • edit default
    • config sip
    • set rtp disable
  5. And finally:
    • config system settings
    • set default-voip-alg-mode kernel-helper based
    • End

on a fortigate 200D the following is the method to use

Step 1) Removing the session helper.

Run the following commands:

config system session-helper
  show

Amongst the displayed settings will be one similar to the following example:

    edit 13
        set name sip
        set protocol 17
        set port 5060

In this example the next commands would be:

delete 13
end
Step 2) Change the default –voip –alg-mode.

Run the following commands:

config system settings
set default-voip-alg-mode kernel-helper based
end
Step 3) Either clear sessions or reboot to make sure changes take effect

a) To clear sessions

The command to clear sessions applies to ALL sessions unless a filter is applied, and therefore will interrupt traffic.

diagnose system session clear

Taken from

http://kb.fortinet.com/kb/documentLink.do?externalID=FD36405