Fortinet FortiGate Series Administration Manual page 515
Hide thumbs
Also See for FortiGate Series:
- Administration manual (60 pages) ,
- Install manual (51 pages) ,
- Quick start manual (14 pages)
Table of Contents
Advertisement
SIP support
Accepting SIP register responses
Controlling how SIP handles contact header NAT
Opening and closing SIP register and non-register pinholes
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/
•
Feedback
You can enable reg-diff-port to accept a SIP register response from a SIP server
even if the source port of the register response is different from the destination port of the
register request.
Most SIP servers use 5060 as the source port in the SIP register response. Some SIP
servers, however, may use a different source port. If your SIP server uses a different
source port, you can enable reg-diff-port and the FortiGate SIP ALG will create a
temporary pinhole when receiving a register request from a SIP client. As a result, the
FortiGate unit will accept a register response with any source port number from the SIP
server.
From the CLI, type the following commands:
config application list
edit <list_name>
config entries
edit 1
set category voip
set application SIP
set reg-diff-port enable
end
end
You can enable contact-fixup so that the FortiGate ALG performs normal SIP NAT
translation to SIP contact headers as SIP sessions pass through the FortiGate unit.
Disable contact-fixup if you do not want the FortiGate ALG to perform normal SIP
NAT translation of the SIP contact header if a Record-Route header is also available. If
contact-fixup is disabled, the FortiGate ALG does the following with contact headers:
•
For Contact in Requests, if a Record-Route header is present and the request comes
from the external network, the SIP Contact header is not translated.
•
For Contact in Responses, if a Record-Route header is present and the response
comes from the external network, the SIP Contact header is not translated.
If contact-fixup is disabled, the FortiGate ALG must be able to identify the external
network. To identify the external network, you must use the config system
interface command to set the external keyword to enable for the interface that is
connected to the external network.
From the CLI, type the following commands:
config application list
edit <list_name>
config entries
edit 1
set category voip
set application SIP
set contact-fixup {enable | disable}
end
end
You can use open-register-pinhole and open-contact-pinhole to control
whether the FortiGate unit opens register and non-register pinholes. Non-register pinholes
are usually opened for SIP invite requests.
Configuring SIP
515
Advertisement
Table of Contents
