We have noted that some FortiGate routers and firewalls come with SIP helpers enabled by default.
The customer may not initially think there is any issue, as inbound and outbound calls work as expected. But we noted on one customer site that when they did a call pickup on another phone that was ringing in the office, they would not be able to hear the caller. The caller could hear them, and if they put the call on and off hold they could speak normally.
On further investigation with Wireshark we noted that the RTP port changed when the pickup took place. We tested this on other sites not using the FortiGate hardware and they did not have this issue.
Below are listed the commands to clear the SIP helper settings from the Fortigate hardware.
- Open the FortiGate CLI from the dashboard.
- Enter the following commands in FortiGate’s CLI:
  - config system settings
  - set sip-helper disable
  - set sip-nat-trace disable
  - end
- Reboot the device.
- Reopen the CLI and enter the following commands (do not enter the text after //):
  - config system session-helper
  - show //locate the SIP entry, usually 12, but can vary.
  - delete 12 //or the number that you identified from the previous command.
  - end
- Disable RTP processing as follows:
  - config voip profile
  - edit default
  - config sip
  - set rtp disable
  - end
  - end
- And finally:
  - config system settings
  - set default-voip-alg-mode kernel-helper-based
  - end
On a FortiGate 200D, the following is the method to use:
Step 1) Removing the session helper.
Run the following commands:
config system session-helper
show
Amongst the displayed settings will be one similar to the following example:
edit 13
set name sip
set protocol 17
set port 5060
In this example the next commands would be:
delete 13
end
Step 2) Change the default-voip-alg-mode.
Run the following commands:
config system settings
set default-voip-alg-mode kernel-helper-based
end
Step 3) Either clear sessions or reboot to make sure changes take effect.
a) To clear sessions
The command to clear sessions applies to ALL sessions unless a filter is applied, and therefore will interrupt traffic.
diagnose system session clear
Taken from
http://kb.fortinet.com/kb/documentLink.do?externalID=FD36405
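Because the SIP session-helper number varies between devices (12 in one case above, 13 in the other), the following added example, which is not from the original post or from Fortinet's KB, reads saved `show` output and lists which commands from the procedure above a device still needs. The sample config is constructed, the function names are hypothetical, and a missing default-voip-alg-mode line is assumed to mean the setting has not been changed yet.

```python
# Added example: SAMPLE is a constructed config dump, not output from a real device.
SAMPLE = """\
config system settings
    set default-voip-alg-mode proxy-based
end
config system session-helper
    edit 1
        set name pptp
    next
    edit 13
        set name sip
        set port 5060
    next
end
"""

def parse_config(text):
    """Parse top-level config blocks into {section: {edit_id_or_None: {key: value}}}."""
    sections, section, entry, depth = {}, None, None, 0
    for line in text.splitlines():
        words = line.split() or [""]
        if words[0] == "config":
            depth += 1
            if depth == 1:  # nested blocks (e.g. "config sip") are skipped
                section, entry = " ".join(words[1:]), None
                sections.setdefault(section, {})
        elif words[0] == "end":
            depth -= 1
            section = section if depth else None
        elif depth == 1 and words[0] == "edit" and len(words) > 1:
            entry = words[1]
            sections[section][entry] = {}
        elif depth == 1 and words[0] == "next":
            entry = None
        elif depth == 1 and words[0] == "set" and len(words) > 2:
            sections[section].setdefault(entry, {})[words[1]] = " ".join(words[2:])
    return sections

def remediation(text):
    """Return the CLI lines from the procedure above that this config still needs."""
    cfg, cmds = parse_config(text), []
    helpers = cfg.get("system session-helper", {})
    sip_ids = [i for i, e in helpers.items() if e.get("name", "").strip('"') == "sip"]
    if sip_ids:  # the entry number is looked up by name, never assumed to be 12
        cmds += ["config system session-helper", *[f"delete {i}" for i in sip_ids], "end"]
    settings = cfg.get("system settings", {}).get(None, {})
    if settings.get("default-voip-alg-mode") != "kernel-helper-based":
        cmds += ["config system settings", "set default-voip-alg-mode kernel-helper-based", "end"]
    return cmds
```

Calling `remediation()` on the saved output again after the change should return an empty list.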