FortiOS 5.4 Online Help Link FortiOS 5.2 Online Help Link FortiOS 5.0 Online Help Link FortiOS 4.3 Online Help Link

Home > Online Help

> Chapter 1 - What's New for FortiOS 5.2 > Other New Features

Other New Features

Other new features in FortiOS 5.2 include:

SIP Traffic is Handled by the SIP ALG by Default

Previous versions of FortiOS used the SIP session helper for all SIP sessions. You had to remove the SIP session helper from the configuration for SIP traffic to use the SIP ALG.

In FortiOS 5.2, all SIP traffic is now processed by the SIP ALG by default. You can change the default setting using the following command:

config system settings

set default-voip-alg-mode {proxy-based | kernel-helper-based}



The default is proxy-based, which means the SIP ALG is used. If set to kernel-helper-based, the SIP session helper is used. If a SIP session is accepted by a firewall policy with a VoIP profile, the session is processed using the SIP ALG even if default-voip-alg-mode is set to kernel-helper-based.

If a SIP session is accepted by a firewall policy that does not include a VoIP profile:

  • If default-voip-alg-mode is set to proxy-based, SIP traffic is processed by the SIP ALG using the default VoIP profile.
  • If default-voip-alg-mode is set to kernel-helper-based, SIP traffic is processed by the SIP session helper. If the SIP session help has been removed, then no SIP processing takes place.

Changing the Header Name of Load Balanced HTTP/HTTPS Traffic

A header name can now be configured for HTTP and HTTPS traffic that flows through a virtual server, rather than using the default X-Forward-For header.

In order to use this feature, the HTTP IP header must be enabled.


config firewall vip

edit <name>

set type server-load-balance

set server-type {http | https}

set http-ip-header enable

set http-ip-header-name <name>



TOS and DSCP Support for Traffic Mapping

Both TOS and DSCP are now supported for traffic mapping but only one method can be used at a time, with TOS as the default. The type used and its other attributes can be configured through the CLI.


config system global

set traffic-priority {tos | dscp}

set traffic-priority-level {low | medium | high}