Handbook

Translating SIP session destination ports

6.0.0
Using port forwarding virtual IPs, you can change the destination port of SIP sessions as they pass through the FortiGate.

Translating SIP sessions to a different destination port

To translate SIP sessions to a different destination port, you must add a static NAT virtual IP that translates the SIP destination port to another destination port. In the example, the destination port is translated from 5060 to 50601. This configuration can be used if SIP sessions use different destination ports on different networks.

Example translating SIP sessions to a different destination port

To translate SIP sessions to a different destination port
  1. Add the static NAT virtual IP.

    This virtual IP forwards traffic received at the port1 interface for IP address 172.20.120.20 and destination port 5060 to the SIP server at IP address 192.168.10.20 with destination port 50601.

        config firewall vip
            edit "sip_port_trans_vip"
                set type static-nat
                set portforward enable
                set protocol tcp
                set extip 172.20.120.20
                set extport 5060
                set extintf "port1"
                set mappedip 192.168.10.20
                set mappedport 50601
                set comment "Translate SIP destination port"
        end

  2. Add a security policy that includes the virtual IP and the default VoIP profile.

        config firewall policy
            edit 1
                set srcintf "port1"
                set dstintf "port2"
                set srcaddr "all"
                set dstaddr "sip_port_trans_vip"
                set action accept
                set schedule "always"
                set service "ALL"
                set utm-status enable
                set voip-profile default
                set profile-protocol-options default
                set comments "Translate SIP destination port"
        end
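The following Python script is an added example, not part of the Fortinet handbook: it reads FortiOS configuration text and reports each port-forwarding virtual IP, the ports it translates, and which policies using it do not name a VoIP profile with `set voip-profile`. The function names and policy 2 in the sample are constructed for illustration, and the parser assumes single-line `set` values.

```python
import shlex
# Constructed sample based on this page; policy 2 is hypothetical and names no VoIP profile.
SAMPLE = '''
config firewall vip
    edit "sip_port_trans_vip"
        set portforward enable
        set extport 5060
        set mappedport 50601
    next
end
config firewall policy
    edit 1
        set dstaddr "sip_port_trans_vip"
        set voip-profile "default"
    next
    edit 2
        set dstaddr "sip_port_trans_vip"
    next
end
'''

def parse_section(text, section):
    """Return {edit id: {setting: [values]}} for one top-level 'config <section>' block."""
    entries, current, depth, inside = {}, None, 0, False
    for line in text.splitlines():
        tok = shlex.split(line) or [""]
        if tok[0] == "config":
            depth += 1  # nested config blocks inside an edit are skipped via depth
            inside = " ".join(tok[1:]) == section if depth == 1 else inside
        elif tok[0] == "end":
            depth -= 1
        elif inside and depth == 1 and tok[0] == "edit":
            current = entries.setdefault(tok[1], {})
        elif inside and depth == 1 and tok[0] == "set" and current is not None:
            current[tok[1]] = tok[2:]
    return entries

def audit_port_forward_vips(text):
    """Report each port-forwarding VIP, its port translation, and the policies that use it."""
    policies, report = parse_section(text, "firewall policy"), []
    for name, vip in parse_section(text, "firewall vip").items():
        if vip.get("portforward") != ["enable"]:
            continue
        users = sorted(p for p, c in policies.items() if name in c.get("dstaddr", []))
        bare = [p for p in users if "voip-profile" not in policies[p]]
        report.append({"vip": name, "policies": users, "no_explicit_voip_profile": bare,
                       "ports": tuple(vip.get(k, ["unset"])[0] for k in ("extport", "mappedport"))})
    return report

print(audit_port_forward_vips(SAMPLE))
```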
