Category: Network & Firewalls

Configuring Fortigate Firewall for VentureTel service

TL;DR

To configure a Fortigate Firewall for VentureTel service, users need to make several changes to mitigate issues such as dropped calls and device registration problems. Disabling Strict Register and deleting the SIP firewall are necessary steps to prevent duplicate SIP ports and port shuffling. Additionally, disabling the SIP helper and configuring traffic shaping and VoIP settings can help resolve these issues. These changes can be made through the Command Line Interface and web GUI.

There are issues with the NAT configuration on Fortigate Firewalls. While the Firewall is supported, users with these devices will likely run into the following issues when using a phone behind a Fortigate:

  1. Dropped calls

  2. One-way or no-way audio

  3. Potential device registration issues

  4. Duplicate SIP ports and port shuffling

To mitigate some of these issues, Strict Register should be disabled to stop all phones from using a pinhole through port 65476 (external) and 5060 (internal).

Delete SIP Firewall

Access the CLI console in the device GUI by clicking >_ near the upper right-hand corner.

  1. In the Command Line Interface (CLI) run the following commands:

    • config system session-helper

    • show

  2. Notice that edit 13 contains SIP.

  3. Enter the following commands:

    • delete 13

    • end

Disable SIP Helper

  1. In the Command Line Interface (CLI) run the following commands:

    • config system settings

    • set default-voip-alg-mode kernel-helper-based

    • set sip-helper disable

    • set sip-nat-trace disable

    • end

  2. Reboot the router using the web GUI under Status, or in the CLI with the following command:

    • execute reboot

Configure Traffic Shaping and VoIP

  1. In the web GUI, go to System > Feature Select > Additional Features.

  2. Toggle Traffic Shaping and VoIP on.

  3. Click Apply.

Disable Strict Register

Strict Register forces VoIP devices through a pinhole at port 65476 and will cause duplicate porting to occur.

To disable this setting, run the following commands in the Command Line Interface (CLI):

  1. config voip profile

  2. edit "Profile Name"

  3. config sip

  4. set strict-register disable

  5. end

The VoIP profile name can be found under Security Profile -> VoIP. Please note: if these settings do not persist through a reboot, a factory reset or other troubleshooting steps may be needed on the Fortigate itself, with Fortigate support.
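
To confirm the changes are in place after the reboot, the check below parses FortiOS-style configuration text and reports any setting from this article that is still in its old state. It is an added example, not VentureTel or Fortinet code; the function names and the sample configuration are constructed for illustration, and it assumes the input is `show full-configuration` output so that every setting appears explicitly.

```python
EXPECTED = {"default-voip-alg-mode": "kernel-helper-based",  # from the article
            "sip-helper": "disable", "sip-nat-trace": "disable"}
# Constructed sample in FortiOS CLI syntax, not captured from a real device.
SAMPLE = """\
config system session-helper
    edit 13
        set name sip
    next
end
config system settings
    set default-voip-alg-mode kernel-helper-based
    set sip-helper disable
end
config voip profile
    edit "default"
        config sip
            set strict-register enable
        end
    next
end
"""

def parse(text):
    # Map each config/edit path (as a tuple) to the "set" values directly under it.
    path, tree = [], {}
    for line in map(str.strip, text.splitlines()):
        if line.startswith(("config ", "edit ")):
            path.append(line.split(" ", 1)[1].strip('"'))
            tree.setdefault(tuple(path), {})
        elif line in ("next", "end") and path:
            path.pop()  # "next" closes an edit, "end" closes a config block
        elif line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            tree.setdefault(tuple(path), {})[key] = value.strip('"')
    return tree

def audit(text):
    # Return the deviations from the configuration the article describes.
    tree, findings = parse(text), []
    for path, kv in tree.items():
        if path[0] == "system session-helper" and kv.get("name") == "sip":
            findings.append(f"session-helper entry {path[1]} still holds SIP")
        if (len(path) == 3 and path[0] == "voip profile" and path[2] == "sip"
                and kv.get("strict-register") != "disable"):
            findings.append(f"voip profile {path[1]}: strict-register is not disable")
    settings = tree.get(("system settings",), {})
    return findings + [f"system settings: {k} is not {v}"
                       for k, v in EXPECTED.items() if settings.get(k) != v]
```

Calling `audit()` on the captured text returns an empty list when all three sections match the article; the constructed sample yields three findings.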