Friday, September 17, 2010

SIP and H.323


If you run into problems with SIP and H.323 traversing your Fortigate firewalls this may be related to the SIP and H.323 session helpers (i.e. proxies). You can tweak them on the command line only. Here is what a typical configuration looks like:

config system session-helper
edit 1
set name pptp
set port 1723
set protocol 6
next
edit 2
set name h323
set port 1720
set protocol 6
next
edit 3
set name ras
set port 1719
set protocol 17
next
*** snip ***
edit 12
set name sip
set port 5060
set protocol 17
next
edit 13
set name dns-udp
set port 53
set protocol 17
next
end

To disable the SIP and H.323 session helpers use the following syntax:

config system session-helper
delete 12
delete 3
delete 2
end

Keep in mind to delete session helpers starting at the highest numbered one. Otherwise you may inadvertently delete the wrong session helpers if you are not careful.

*****

Update: In FortiOS 3.0 MR6 and above you should also try the following commands:

config system settings
set sip-helper disable
end

and

config system settings
set sip-nat-trace disable
end
Posted by at
Labels:

2 comments:

  1. AnonymousJune 16, 2011 at 2:37 AM

    I have deleted the session helpers. Does the device need to be restarted?

    jason

    ReplyDelete

Subscribe to: Post Comments (Atom)