Fortigate

Fortigate

Fortigate firewall products have SIP session helpers that are on by default.   These need to be turned off!

http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-voip-guide-52/sessionhelper-disenable.htm

 

Fortigate, like many firewalls, also has an ALG (Application Level Gateway) for SIP available.  It is not on by default.  This article explains how to enable it - but if it has been turned on, it should definitely be disabled.

http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-voip-guide-52/ALG-gui.htm hits on there that can be enabled.. and thusly disabled.



    • Related Articles

    • nexMatrix Host Names and IP addresses

      nexMatrix SIP trunk service will connect to your IP PBX from one or more of these servers. You may need to whitelist these addresses and/or host names to allow unsolicited inbound traffic from them to your PBX on UDP port 5060 and whatever range of ...
    • 8/2/2016 Firewall security

      nexMatrix has released new updates to Protel LTS and Protelity LTS that provide software firewall options and greatly enhance the options available for securing the IP PBX system. Prior to this release, Linux “Fail2Ban” has been installed on our PBX ...
    • Local SIP port assignments for IP phones

      Perhaps the most common cause of problems with IP phones is inconsistent signalling communication between the end point (phone) and the PBX.  The symptoms of this include: The phone won't register to its extension account on the PBX. BLF buttons on ...
    • Actiontec DSL modem/router - Transparent Bridging mode

      If you are placing a Protel PBX behind a NAT router that is connecting to the internet via a DSL connection, you will need to disable the NAT functions of the DSL modem/router.   If NAT is not disabled, you will very likely not be able to register ...
    • SonicWall Reflexive NAT Policies for nexMatrix SIP Trunks

      Many thanks to Matt York at Wilkes Communications/Riverstreet Networks in Wilkesboro, NC for providing this great documentation! 1:1 port 5060 Source PAT (Inside Local : Inside Global 5060:5060) This document will cover SonicOS Enhanced 6.5.x.x.  ...