Fortinet Fortigate Firewalls

[KonradSC]

Hello. Does anyone have any tips or tricks for getting SIP traffic to pass correctly through a Fortigate firewall? We are running SIP over UDP and have disabled SIP ALG & SIP session helper as stated in this KB article.
https://kb.fortinet.com/kb/documentLink.do?externalID=FD36405

All phones can register and can make outgoing calls, however inbound calls do not work.

I am aware that you can beat these issues with TLS or possibly TCP. In this case I'm looking specifically for a UDP solution.

Thanks!

 

[Low]

On the Fortigate can you do a debug from the CLI and see what it sees when an inbound cal tries to establish? If you know the ip address that is the source I would probably use that for the debugs. If the source ip is heavily used it may be hard to capture the correct debugs.

dia deb reset
dia deb flow filter addr x.x.x.x
dia deb flow trac start 200
dia deb flow en

 

[bcmike]

I'm not familiar with FortiGate specifically but usually this is a case of the NAT mapping timing out. I'd look to see if you can change any of the timeout values on UDP mappings, failing that decrease the time on your keep alive messages in the phone config, assuming you've enabled keep alive.