Enhancing SIP pinhole security You can use the strict-register option in a SIP VoIP profile to open smaller pinholes. This option is enabled by default on the default VoIP profiles and in all new VoIP profiles that you create. As shown below, when FortiGate is protecting a SIP server on a private network, the FortiGate […]
Adding the original IP address and port to the SIP message header after NAT In some cases your SIP configuration may require that the original IP address and port from the SIP contact request is kept after NAT. For example, the original SIP contact request could include the following: Contact: <sip:firstname.lastname@example.org:5060>; After the packet goes […]
Translating SIP sessions to multiple destination ports You can use a load balance virtual IP to translate SIP session destination ports to a range of destination ports. In this example the destination port is translated from 5060 to the range 50601 to 50603. This configuration can be used if your SIP server is configured to […]
Translating SIP sessions to a different destination port To configure translating SIP sessions to a different destination port you must add a static NAT virtual IP that translates tie SIP destination port to another port destination. In the example the destination port is translated from 5060 to 50601. This configuration can be used if SIP […]
Translating SIP session destination ports Using port forwarding virtual IPs you can change the destination port of SIP sessions as they pass through the FortiGate.
Controlling NAT for addresses in SDP lines You can use the no-sdp-fixup option to control whether the FortiGate performs NAT on addresses in SDP lines in the SIP message body. The no-sdp-fixup option is disabled by default and the FortiGate performs NAT on addresses in SDP lines. Enable this option if you don’t want the […]
Controlling how the SIP ALG NATs SIP contact header line addresses You can enable contact-fixup so that the SIP ALG performs normal SIP NAT translation to SIP contact headers as SIP messages pass through the FortiGate. Disable contact-fixup if you do not want the SIP ALG to perform normal NAT translation of the SIP contact […]
Configuring SIP IP address conservation for the SIP session helper You can use the following command to enable or disable SIP IP address conservation for the SIP session helper. IP address conservation is enabled by default for the SIP session helper. config system settings set sip-nat-trace disable end If the SIP message does not include […]