SIP and hyperscale firewall support
Enter one of the following commands to the change the NP7 hash configuration if a FortiGate that is licensed for hyperscale firewall features will be processing SIP traffic.
The available command depends on the hardware platform and firmware version:
config system npu
set hash-config sip
end
or
config system npu
set hash-config src-ip
end
For more information, see the descriptions of the hash-config
option in Configuring NP7 processors.
Entering either of these commands causes the FortiGate to restart, temporarily interrupting traffic. If you are changing this configuration for an FGCP HA cluster, you should remove the backup FortiGate from the cluster, change the configuration on both FortiGates, and then after they restart, add the backup FortiGate back to the cluster. |
In addition to the above setting, to support SIP in a hyperscale firewall VDOM, you must configure the VDOM to use the SIP session helper instead of the SIP application layer gateway (ALG). Enter the following command in a hyperscale firewall VDOM to use the SIP session helper for SIP traffic:
config system settings
set default-voip-alg-mode kernel-helper-based
end