Disable SIP ALG -- Fortinet / Fortigate Print

Regarding SIP ALG

Almost all routers include a feature called SIP ALG, and are delivered with this feature enabled by default.

An Application Layer Gateway, or ALG, could help in solving NAT related problems, but in our experience, most ALG implementations are wrong and break SIP.

Leaving SIP ALG enabled not only breaks SIP functionality, but can also impact the RTP audio stream resulting in one-way audio where you can hear the caller, but they can't hear you, or vice versa.

You should disable SIP ALG and configure either port triggering or one-to-one port mapping on the router as appropriate.

Open the Fortigate CLI from the dashboard and enter the following commands:

• config system settings
• set sip-helper disable
• set sip-nat-trace disable
• reboot the device

Re-open the CLI and enter the following commands:

• config system session-helper
• show    (locate the SIP entry, usually 12, but can vary)
• delete 12    (or the number that you identified from the previous command)

Disable RTP processing as follows:

• config voip profile
• edit default
• config sip
• set rtp disable

There may be other settings that need to be configured depending on the FortiOS version you're using.

If you experience ongoing issues related to SIP ALG, contact Fortinet Support.