Security profiles Where security policies provide the instructions to the FortiGate unit for controlling what traffic is allowed through the device, the Security profiles provide the screening that filters the content coming and going on the network. Security profiles enable you to instruct the FortiGate unit about what to look for in the traffic that […]
Firewall policies The firewall policy is the axis around which most of the other features of the FortiGate firewall revolve. A large portion of the settings in the firewall at some point will end up relating to or being associated with the firewall policies and the traffic that they govern. Any traffic going through a […]
Access control lists Access control lists (ACLs) in the FortiOS firmware could be considered a granular or more specifically targeted blacklist. These ACLs drop IPv4 or IPv6 packets at the physical network interface before the packets are analyzed by the CPU. On a busy appliance this can really help the performance. The ACL feature is […]
Hosted NAT traversal With the increase in the use of VoIP and other media traffic over the Internet, service provider network administrators must defend their networks from threats while allowing voice and multimedia traffic to flow transparently between users and servers and among users. A common scenario could involve providing SIP VoIP services for customers […]
Translating SIP sessions to a different destination port To configure translating SIP sessions to a different destination port you must add a static NAT virtual IP that translates tie SIP destination port to another port destination. In the example the destination port is translated from 5060 to 50601. This configuration can be used if SIP […]
Translating SIP session destination ports Using port forwarding virtual IPs you can change the destination port of SIP sessions as they pass through the FortiGate.
Controlling NAT for addresses in SDP lines You can use the no-sdp-fixup option to control whether the FortiGate performs NAT on addresses in SDP lines in the SIP message body. The no-sdp-fixup option is disabled by default and the FortiGate performs NAT on addresses in SDP lines. Enable this option if you don’t want the […]
Controlling how the SIP ALG NATs SIP contact header line addresses You can enable contact-fixup so that the SIP ALG performs normal SIP NAT translation to SIP contact headers as SIP messages pass through the FortiGate. Disable contact-fixup if you do not want the SIP ALG to perform normal NAT translation of the SIP contact […]