Disabling SIP ALG

SIP ALG can have a significant impact on VoIP phone systems by interfering with the smooth transmission of voice data. This feature, designed to modify and manage SIP packets, often causes more harm than good in VoIP environments. For many businesses, SIP ALG results in connection issues like dropped calls, delays, one-way audio, or failed call registration. These disruptions occur because SIP ALG alters the packets in ways that can confuse VoIP traffic, leading to degraded call quality. To ensure reliable and clear communication, many VoIP providers recommend disabling SIP ALG, especially in networks with heavy VoIP usage. Understanding and adjusting SIP ALG settings can be crucial to maintaining high-quality VoIP performance for your business.

How to disable SIP ALG on a FortiGate firewall router.

On FortiGate firewalls, SIP Application Layer Gateway (SIP ALG) is enabled by default. This will cause problems with SIP VoIP phone registration and call processing.

Access the FortiGate CLI:

  • Log into the FortiGate device and open the CLI (either through SSH or directly via the console).

Note: Back up your firewall configuration before making any changes.

Step 1:

FortiOS starting at software release 6.2.2: run the following commands from the FortiGate firewall CLI

  1. config system settings
  2. set sip-expectation disable
  3. set sip-nat-trace disable
  4. set default-voip-alg-mode kernel-helper-based
  5. end

FortiOS older than software release 6.2.2: run the following commands from the FortiGate firewall CLI

  1. config system settings
  2. set sip-helper disable
  3. set sip-nat-trace disable
  4. set default-voip-alg-mode kernel-helper-based
  5. end

If you see an error while entering "set default-voip-alg-mode kernel-helper-based", just ignore it.

The rest of the configuration is the same for all FortiOS versions.


Step 2:

Next, we need to locate the SIP entry in the session helper list and delete it.

  1. config system session-helper
  2. show

Scroll down until you see an entry for SIP. In our example it was number 13, but this may be different depending on model and software release. Now execute the following commands:

  1. delete 13
  2. end

Step 3:

Disable the VoIP profile. The last set of commands disables processing of the RTP protocol on the firewall.

  1. config voip profile
  2. edit default
  3. config sip
  4. set rtp disable
  5. end
  6. end

Normally FortiGate firewalls do not require a reboot when you change the configuration, but in this case it seems we need to reboot the firewall to activate the session helper changes.


Step 4:

Last step – restart or power cycle all your SIP phones and devices.
