Chapter 22 VoIP Solutions: SIP : FortiGate VoIP solutions: SIP : How the SIP ALG performs NAT : SIP NAT configuration example: source address translation (source NAT) : Configuration steps - CLI
  
Configuration steps - CLI
To add firewall addresses for Phone A and Phone B and security policies to apply the SIP ALG to SIP sessions
1 Enter the following command to add firewall addresses for Phone A and Phone B.
config firewall address
edit Phone_A
set associated interface internal
set type ipmask
set subnet 10.31.101.20 255.255.255.255
next
edit Phone_B
set associated interface wan1
set type ipmask
set subnet 172.20.120.30 255.255.255.255
end
2 Enter the following command to add security policies to allow Phone A to send SIP request messages to Phone B and Phone B to send SIP request messages to Phone A.
config firewall policy
edit 0
set srcintf internal
set dstintf wan1
set srcaddr Phone_A
set dstaddr Phone_B
set action accept
set schedule always
set service SIP
set nat enable
set utm-status enable
set voip-profile default
next
edit 0
set srcintf wan1
set dstintf internal
set srcaddr Phone_B
set dstaddr Phone_A
set action accept
set schedule always
set service SIP
set nat enable
set utm-status enable
set voip-profile default
end