Fortinet black logo

Hyperscale Firewall Guide

Home FortiGate / FortiOS 6.2.7 Hyperscale Firewall Guide
6.2.7
7.4.3
7.4.2
7.4.1
7.4.0
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
6.4.15
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.6
6.2.9
6.2.7
6.2.6

SIP and hyperscale firewall support

SIP and hyperscale firewall support

Enter one of the following commands to the change the NP7 hash configuration if a FortiGate that is licensed for hyperscale firewall features will be processing SIP traffic.

The available command depends on the hardware platform and firmware version:

config system npu

set hash-config sip

end

or

config system npu

set hash-config src-ip

end

For more information, see the descriptions of the hash-config option in Configuring NP7 processors.

Note

Entering either of these commands causes the FortiGate to restart, temporarily interrupting traffic. If you are changing this configuration for an FGCP HA cluster, you should remove the backup FortiGate from the cluster, change the configuration on both FortiGates, and then after they restart, add the backup FortiGate back to the cluster.

In addition to the above setting, to support SIP in a hyperscale firewall VDOM, you must configure the VDOM to use the SIP session helper instead of the SIP application layer gateway (ALG). Enter the following command in a hyperscale firewall VDOM to use the SIP session helper for SIP traffic:

config system settings

set default-voip-alg-mode kernel-helper-based

end

Previous
Next

SIP and hyperscale firewall support

Enter one of the following commands to the change the NP7 hash configuration if a FortiGate that is licensed for hyperscale firewall features will be processing SIP traffic.

The available command depends on the hardware platform and firmware version:

config system npu

set hash-config sip

end

or

config system npu

set hash-config src-ip

end

For more information, see the descriptions of the hash-config option in Configuring NP7 processors.

Note

Entering either of these commands causes the FortiGate to restart, temporarily interrupting traffic. If you are changing this configuration for an FGCP HA cluster, you should remove the backup FortiGate from the cluster, change the configuration on both FortiGates, and then after they restart, add the backup FortiGate back to the cluster.

In addition to the above setting, to support SIP in a hyperscale firewall VDOM, you must configure the VDOM to use the SIP session helper instead of the SIP application layer gateway (ALG). Enter the following command in a hyperscale firewall VDOM to use the SIP session helper for SIP traffic:

config system settings

set default-voip-alg-mode kernel-helper-based

end

Previous
Next