Disabling and enabling the SIP session helper

You can use the following steps to disable the SIP session helper. You might want to disable the SIP session helper if you don’t want the FortiGate to apply NAT or other SIP session help features to SIP traffic. With the SIP session helper disabled, the FortiGate can still accept SIP sessions if they are allowed by a security policy, but the FortiGate will not be able to open pinholes or NAT the addresses in the SIP messages.

To disable the sip session helper
  1. Enter the following command to find the sip session helper entry in the session-helper list:

show system session-helper

.

.

.

edit 13

set name sip

set port 5060

set protocol 17

next

.

.

.

This command output shows that the sip session helper listens in UDP port 5060 for SIP sessions.

  1. Enter the following command to delete session-helper list entry number 13 to disable the sip session helper:

config system session-helper

delete 13

end

If you want to use the SIP session helper you can verify whether it is enabled or disabled using the show system session-helper command.

note icon You do not have to disable the SIP session helper to use the SIP ALG.

If the SIP session helper has been disabled by being removed from the session-helper list you can use the following command to enable the SIP session helper by adding it back to the session helper list:

config system session-helper

edit 0

set name sip

set port 5060

set protocol 17

end