The SIP pre-defined firewall service restricts the security policy to only accepting sessions on UDP port 5060. The security policies can have service set to ANY, or to the SIP pre- defined firewall service, or a custom firewall service. To have the SIP session helper process SIP sessions you need to add a security policy that accepts SIP sessions on the configured SIP UDP or TCP ports. If the FortiGate unit is operating with multiple VDOMs, each VDOM can have a different SIP session helper configuration. You can enable and disable the SIP session helper, change the TCP or UDP port that the session helper listens on for SIP traffic, and enable or disable SIP NAT tracing. SIP sessions using port 5060 accepted by a security policy that does not include a VoIP profile are processed by the SIP session helper. The SIP session helper is set to listen for SIP traffic on TCP or UDP port 5060. Set default-voip-alg-mode kernel-helper-based If you want to use the SIP session helper you need to enter the following command: S I P session helper configuration overviewīy default FortiOS uses the SIP ALG for SIP traffic.
Provides basic SIP security as an access control device.Opens up and closes dynamic RTP and RTSP pinholes for RTP and RTSP media traffic.Opens up and closes dynamic SIP pinholes for SIP signalling traffic.Translates SIP header and SDP information to account for NAT operations performed by the FortiGate unit.Keeps the states of the SIP transactions between SIP UAs and SIP servers.The SIP session-helper is a high-performance solution that provides basic support for SIP calls passing through the FortiGate unit by opening SIP and RTP pinholes and by performing NAT of the addresses in SIP messages.
0 kommentar(er)
