Configuring Fortigate Firewall for VentureTel service

Configuring Fortigate Firewall for VentureTel service

There are issues with the NAT configuration on Fortigate Firewalls, while the Firewall is supported, users with these devices will likely run into the following issues using a phone behind a Fortigate:
Dropped calls
  1. One way or no way audio 
  2. Potential device registration issues
  3. Duplicate SIP Ports and port shuffling

To mitigate some of these issues, Strict Register should be disabled to stop all phones from using a pinhole through port 65476 (external) and 5060 (internal).

Delete SIP Firewall

Access the CLI cosole in the device GUI bu clicking >_ near the upper right hand corner 


  1. In the Command Line Interface (CLI) run the following commands:
    • config system session-helper
    • show

  2. Notice that edit 13 contains SIP.
  3. Enter the following commands:
    • delete 13
    • end

Disable SIP Helper

  1. In the Command Line Interface (CLI) run the following commands:
    • config system settings
    • set default-voip-alg-mode kernel-helper-based
    • set sip-helper disable
    • set sip-nat-trace disable
    • end

  2. Reboot the router using the web GUI under Status, or in the CLI with the following command:
    • execute reboot

Configure Traffic Shaping and VoIP

  1. In the web GUI, go to System > Feature Select > Additional Features.

  2. Toggle Traffic Shaping and VoIP on.
  3. Click Apply.

Disable Strict Register

Strict Register forces VoIP devices through a pinhole at port 65476 and will cause duplicate porting to occur.
To disable this setting run the following command in the Command Line Interface (CLI):
  1. config voip profile
  2. edit "Profile Name"
  3. config sip
  4. set strict-register disable
  5. end

Note: The VoIP profile name can be found under Security Profile -> VoIP. Please note if these settings do not persist through a reboot a factory reset or other troubleshooting steps may be needed on the Fortigate itself with Fortigate support.




    • Related Articles

    • SonicWall firewall VoIP configuration

      The default firewall settings on SonicWall firewalls may cause issues with VentureTel VoIP traffic.  Some issues you may see are: Problems with phone registrations Dropped calls Phones not ringing One-way audio The TZ400 is an exception to this ...
    • What's the process of moving my phone service to VentureTel

      When you are ready to move to VentureTel, we’ll help you through every step of the process.  Here is the process we typically take once you say “set me up!"  First, we’ll have you register and fill out some paper work online so we can initiate the ...
    • Configuring Dell Sonic Wall for VentureTel VoIP

      Step 1: Go to VoIP > Settings.  Step 2: Check Enable Consistent NAT, uncheck/disable everything else. Step 3: Click  Accept to save the settings.
    • Configuring ASUS Router for VentureTel VoIP

      Navigate to Advanced Settings > WAN > NAT Passthrough. Next to RTSP Passthrough, select Disable. Next to SIP Passthrough, select Disable. Click Apply.
    • Perform a simple VentureTel speed test

      Unfortunately, slow internet speeds, high packet loss, and even high latency in any network connection can quickly deteriorate not only the quality of VoIP calls, but even the overall service your business pays for. Take a look below to perform a ...