Disable SIP ALG on Fortinet FortiGate Firewalls

By default, a new Fortinet firewall has SIP ALG (Application Layer Gateway) enabled, a feature intended to help voice-over-IP systems. Most of the time it causes issues with many SIP service providers, so it is recommended to disable it.

The steps are as follows:

1. Open the CLI interface for your FortiGate firewall:
  1. Before making any changes, be sure to back up your configuration.
2. For a device on FortiOS starting at 6.2.2, enter the following commands in the CLI:

    config system settings
    set sip-expectation disable
    set sip-nat-trace disable
    set default-voip-alg-mode kernel-helper-based
    end

3. For devices below FortiOS version 6.2.2, use the following commands instead:

    config system settings
    set sip-helper disable
    set sip-nat-trace disable
    set default-voip-alg-mode kernel-helper-based
    end

4. If you encounter an error while entering set default-voip-alg-mode kernel-helper-based, ignore it.


5. Run the following commands to list the session helpers:

    config system session-helper
    show

  Find the entry for SIP in the output. It is typically 12 or 13, but it may differ depending on the software version and model. Then delete that entry and close the section:

    delete 12
    end

  If the entry found is 13, use delete 13 instead.

6. Enter the following commands in the CLI to disable RTP processing:

    config voip profile
    edit default
    config sip
    set rtp disable
    end
    end

7. Reboot your FortiGate firewall. The reboot is needed to activate the changes made with the config system session-helper command.

8. Lastly, reboot all of your SIP Devices/Phones.
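
Step 5 depends on reading the SIP entry number from the show output instead of assuming 12 or 13. The following Python is an added example, not part of the original article: it parses that output and builds the matching delete commands. The sample output is constructed and the function names are hypothetical.

```python
import re

# Constructed sample of `show` output under `config system session-helper`
# (abbreviated; a real device lists more entries).
SAMPLE_SHOW = """\
config system session-helper
    edit 12
        set name pmap
        set protocol 17
        set port 111
    next
    edit 13
        set name sip
        set protocol 17
        set port 5060
    next
end
"""

def parse_session_helpers(show_output):
    """Return {entry_id: {key: value}} for each `edit N ... next` block."""
    entries, current = {}, None
    for raw in show_output.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"edit (\d+)", line)
        if m:
            current = entries.setdefault(int(m.group(1)), {})
        elif line == "next":
            current = None
        elif current is not None and line.startswith("set "):
            parts = line.split(None, 2)
            if len(parts) == 3:
                current[parts[1]] = parts[2].strip('"')
    return entries

def sip_delete_commands(show_output):
    """Build the step 5 commands from the ID(s) actually named sip."""
    ids = sorted(i for i, e in parse_session_helpers(show_output).items()
                 if e.get("name") == "sip")
    if not ids:
        return []  # no SIP helper entry present, nothing to delete
    return (["config system session-helper"]
            + [f"delete {i}" for i in ids] + ["end"])

if __name__ == "__main__":
    print("\n".join(sip_delete_commands(SAMPLE_SHOW)))
```

Running the same function against the show output after the reboot in step 7 should return an empty list, which confirms the SIP helper entry is gone.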