Open the CLI interface for your Fortigate Firewall
Before making any changes be sure to backup your configuration
In the CLI enter the following commands
Use the following commands for a device on FortiOS starting at 6.2.2
config system settings
set sip-expectation disable
set sip-nat-trace disable
set default-voip-alg-mode kernel-helper-based
end
For devices below FortiOS version 6.2.2 use the following commands
config system settings
set sip-helper disable
set sip-nat-trace disable
set default-voip-alg-mode kernel-helper-based
end
If you encounter and error while entering set default-voip-alg-mode kernel-helper-based go ahead and ignore it
The rest of the configuration will be the same for all FortiOS versions
Run the following commands
config system session-helper
show
Here you will want to find the entry for SIP, this is typically 12 but it may differ depending on software version and model
delete 12
Alternatively use the entry you found in the previous step
end
Enter the following commands in the CLI to disable RTP processing
config voip profile
edit default
config sip
set rtp disable
end
end
diagnose sys session filter clear
Once done go ahead and reboot the device, Fortigate firewalls do not require a reboot when you change configuration but in this case, we will need the reboot to activate the session helper changes
Lastly, reboot all of your SIP Devices/Phones