How to Disable SIP ALG on Fortinet / FortiGate

SIP ALG is used to try and avoid configuring Static NAT on a router. Its implementation, however, varies from router to router, often making it difficult to inter-operate a router with SIP ALG enabled with a PBX. In general, you would want to disable SIP ALG and configure one to one port mapping on the router.

In this article, we will show you how to disable SIP ALG on FortiGate. On devices running FortiOs, you will need to disable this in multiple places as shown below.

  1. Open the Fortigate CLI from the dashboard.
  2. Enter the following commands in FortiGate’s CLI:
    1. config system settings
    2. set sip-helper disable
    3. set sip-nat-trace disable
    4. reboot the device
  3. Reopen CLI and enter the following commands – do not enter the text after //:
    1. config system session-helper
    2. show    //locate the SIP entry, usually 12, but can vary.
    3. delete 12     //or the number that you identified from the previous command.
  4. Disable RTP processing as follows:
    1. config voip profile
    2. edit default
    3. config sip
    4. set rtp disable

There might be other settings that you need to configure depending on the FortiOS version that you are using. If you continue encountering issues related to SIP ALG, please contact Fortinet Support.

Further Information

Liked this article?


Get notified of new articles
or share
You might also be interested in: