Configuration example: SIP session helper in Transparent Mode
Configuration example: SIP session helper in Transparent Mode The figure below shows an example SIP network consisting of a FortiGate unit operating in Transparent mode between two SIP phones. Since...
View ArticleThe SIP ALG
The SIP ALG In most cases you should use the SIP Application Layer Gateway (ALG) for processing SIP sessions. The SIP ALG provides the same basic SIP support as the SIP session helper. Additionally,...
View ArticleSIP ALG configuration overview
SIP ALG configuration overview To apply the SIP ALG, you add a SIP VoIP profile to a security policy that accepts SIP sessions. All SIP sessions accepted by the security policy will be processed by the...
View ArticleConflicts between the SIP ALG and the session helper
Conflicts between the SIP ALG and the session helper If you suspect that the SIP session helper is being used instead of the ALG, you can use the diagnose sys sip command to determine if the SIP...
View ArticleStateful SIP tracking, call termination, and session inactivity timeout
Stateful SIP tracking, call termination, and session inactivity timeout The SIP ALG tracks SIP dialogs over their lifespan between the first INVITE message and the Final 200 OK and ACK messages. For...
View ArticleSIP and RTP/RTCP
SIP and RTP/RTCP FortiGate units support the Real Time Protocol (RTP) application layer protocol for the VoIP call audio stream. RTP uses dynamically assigned port numbers that can change during a...
View ArticleHow the SIP ALG creates RTP pinholes
How the SIP ALG creates RTP pinholes The SIP ALG requires the following information to create a pinhole. The SIP ALG finds this information in SIP messages and some is provided by the SIP ALG: Protocol...
View ArticleConfiguration example: SIP in Transparent Mode
Configuration example: SIP in Transparent Mode The figure below hows an example SIP network consisting of a FortiGate unit operating in Transparent mode between two SIP phones. Since the FortiGate unit...
View ArticleRTP enable/disable (RTP bypass)
RTP enable/disable (RTP bypass) You can configure the SIP ALG to stop from opening RTP pinholes. Called RTP bypass, this configuration can be used when you want to apply SIP ALG features to SIP...
View ArticleOpening and closing SIP register, contact, via and record-route pinholes
Opening and closing SIP register, contact, via and record-route pinholes You can use the open-register-pinhole, open-contact-pinhole, open-via-port, and open- record-route-pinhole VoIP profile CLI...
View ArticleAccepting SIP register responses
Accepting SIP register responses You can enable the VoIP profile open-via-pinhole options to accept a SIP Register response message from a SIP server even if the source port of the Register response...
View ArticleHow the SIP ALG performs NAT
How the SIP ALG performs NAT In most Network Address Translation (NAT) configurations, multiple hosts in a private network share a single public IP address to access the Internet. For sessions...
View ArticleCall Re-invite messages
Call Re-invite messages SIP Re-INVITE messages can dynamically add and remove media sessions during a call. When new media sessions are added to a call the SIP ALG opens new pinholes and update SIP...
View ArticleHow the SIP ALG translates IP addresses in SIP headers
How the SIP ALG translates IP addresses in SIP headers The SIP ALG applies NAT to SIP sessions by translating the IP addresses contained in SIP headers. For example, the following SIP message contains...
View ArticleHow the SIP ALG translates IP addresses in the SIP body
How the SIP ALG translates IP addresses in the SIP body The SDP session profile attributes in the SIP body include IP addresses and port numbers that the SIP ALG uses to create pinholes for the media...
View ArticleSIP NAT scenario: source address translation (source NAT)
SIP NAT scenario: source address translation (source NAT) The following figures show a source address translation scenario involving two SIP phones on different networks, separated by a FortiGate unit....
View ArticleSIP NAT scenario: destination address translation (destination NAT)
SIP NAT scenario: destination address translation (destination NAT) The following figures show how the SIP ALG translates addresses in a SIP INVITE message sent from SIP Phone B on the Internet to SIP...
View ArticleSIP NAT configuration example: source address translation (source NAT)
SIP NAT configuration example: source address translation (source NAT) This configuration example shows how to configure the FortiGate unit to support the source address translation scenario...
View ArticleClik here to view.
FortiOS 5.6 Beta 2 Kicks Ass
So, if you guys have viewed or read my “Where Fortinet is Messing Up” page….you know that I much prefer the way Palo Alto Networks does app assignment on policies. 5.6 Beta 2 is flipping that on it’s...
View ArticleSIP NAT configuration example: destination address translation (destination NAT)
SIP NAT configuration example: destination address translation (destination NAT) This configuration example shows how to configure the FortiGate unit to support the destination address translation...
View Article