Adding the original IP address and port to the SIP message header after NAT
In some cases your SIP configuration may require that the original IP address and port from the SIP contact request is kept after NAT. For example, the original SIP contact request could include the following:
After the packet goes through the FortiGate and NAT is performed, the contact request could normally look like the following (the IP address translated to a different IP address and the port to a different port):
You can enable register-contact-trace in a VoIP profile to have the SIP ALG add the original IP address and port in the following format:
Contact: <sip:0150302438@<nated-ip>:<nated-port>;o=<original-ip>: <original-port>>; So the contact line after NAT could look like the following:
Contact: <sip:email@example.com:33608;o=172.20.120.110:5060>; Enter the following command to enable keeping the original IP address and port:
config voip profile edit Profile_name config sip set register-contract-trace enable
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!
Don't Forget To visit the YouTube Channel for the latest Fortinet Training Videos and Question / Answer sessions!
- FortinetGuru YouTube Channel
- FortiSwitch Training Videos