Chapter 21 VoIP Solutions: SIP for FortiOS 5.0 : FortiGate VoIP solutions: SIP : The SIP ALG : Configuration example: SIP in Transparent Mode : Configuration steps - web‑based manager
  
Configuration steps - web‑based manager
 
Before you begin this procedure you may have to enable VoIP support on the web‑based manager by going to System > Admin > Settings and selecting the VoIP checkbox.
To add firewall addresses for the SIP phones
1. Go to Firewall Objects > Address > Addresses.
2. Add the following addresses for Phone A and Phone B:
Address Name
Phone_A
Type
Subnet
Subnet / IP Range
10.31.101.20/255.255.255.255
Interface
port1
Address Name
Phone_B
Type
Subnet / IP Range
Subnet / IP Range
10.31.101.30/255.255.255.255
Interface
port2
To add security policies to apply the SIP ALG to SIP sessions
1. Go to Policy > Policy > Policy.
2. Select Create New to add a security policy.
3. Add a security policy to allow Phone A to send SIP request messages to Phone B:
Policy Type
Firewall
Policy Subtype
Address
Incoming Interface
port1
Source Address
Phone_A
Outgoing Interface
port2
Destination Address
Phone_B
Schedule
always
Service
SIP
Action
ACCEPT
4. Under UTM Security Profiles, select Use Standard UTM Profiles.
5. Turn on VoIP and select the default VoIP profile.
6. Select OK.
7. Add a security policy to allow Phone B to send SIP request messages to Phone A:
Policy Type
Firewall
Policy Subtype
Address
Incoming Interface
port2
Source Address
Phone_B
Outgoing Interface
port1
Destination Address
Phone_A
Schedule
always
Service
SIP
Action
ACCEPT
8. Under UTM Security Profiles, select Use Standard UTM Profiles.
9. Turn on VoIP and select the default VoIP profile.
10. Select OK.