If open-via-pinhole is disabled (the default setting), the FortiGate unit does not open pinholes for Via messages. You can enable open-via-pinhole so that the FortiGate unit opens pinholes for Via messages. In previous versions of FortiOS, this option was reg-diff-port.

If open-record-route-pinhole is enabled (the default setting), the FortiGate unit opens pinholes for Record-Route messages. You can disable open-record-route-pinhole so that the FortiGate unit does not open pinholes for Record-Route messages.

Usually you would want to open these pinholes. Keeping them closed may prevent SIP from functioning properly through the FortiGate unit. However, they can be disabled for interconnect scenarios (where all SIP traffic is between proxies and traveling over a single session). In some cases, these settings can also be disabled in access scenarios if it is known that all users will be registering regularly so that their contact information can be learned from the register request.

You may also want to prevent pinholes from being opened to avoid creating a pinhole for every register or non-register request. Each pinhole uses additional system memory, which can affect system performance if there are hundreds or thousands of users, and requires refreshing that can take a relatively long amount of time if there are thousands of active calls.