VoIP/SIP traffic problems, RTP ports being changed by Fortigate
Some background on the problem - I've had this happen before and fixed it with someone else's help. I think the "set contact-fixup disable" command fixed it before.
Now suddenly the problem is back, and seemingly without me making any config changes in our FG100E.
We have a VoIP device on our LAN, and it requires me to do port translations to access all the channels (for example, for channel #3, UDP 5060 gets translated to UDP 5063).
The problem is that the Fortigate seems to translate some ports into the 7000 range instead, and I know this is what the SIP-Helper does by default.
In my config, SIP ALG is handling the SIP traffic, which I confirmed with this command: diag sys sip-proxy stat
I also have these settings in the config:
config system settings
    set sip-nat-trace disable
config voip profile
    set contact-fixup disable
So, here's the behavior I see when I do a packet capture within the Fortigate.
The SIP negotiation works fine; it translates port 5060 to 5063 correctly.
The problem then begins when the RTCP/RTP traffic starts.
I have RTP set to translate to port 6035, but my packet capture shows "Src Port: 6035, Dst Port: 7259".
I cannot figure out why it is getting changed to port 7259. I don't see anything in the text config that lists that range.
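
One way to check whether a port change like this originates in the signalling is to compare what the same SIP message advertises (Contact port, SDP `c=` address, SDP `m=` port) when captured on each side of the firewall. This is an added example, not part of the original post; the two messages are constructed, using documentation addresses and reusing the post's port numbers for illustration.

```python
import re

# Constructed SIP/SDP excerpts (not captured from the poster's network).
# Addresses are documentation ranges; port numbers echo the post.
BEFORE_FW = (
    "INVITE sip:3@198.51.100.20:5063 SIP/2.0\r\n"
    "Contact: <sip:3@192.0.2.10:5063>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "c=IN IP4 192.0.2.10\r\n"
    "m=audio 6035 RTP/AVP 0 8\r\n"
)
# Same message as seen on the other side, with only the media port altered.
AFTER_FW = BEFORE_FW.replace("m=audio 6035", "m=audio 7259")


def signalled_endpoints(sip_message):
    """Extract the ports and address a SIP message advertises for signalling and media."""
    head, _, sdp = sip_message.partition("\r\n\r\n")
    contact = re.search(r"^Contact:.*?@[^:;>\s]+:(\d+)", head, re.M | re.I)
    conn = re.search(r"^c=IN IP4 (\S+)", sdp, re.M)
    media = re.findall(r"^m=(\w+) (\d+)", sdp, re.M)
    return {
        "contact_port": int(contact.group(1)) if contact else None,
        "sdp_addr": conn.group(1) if conn else None,
        "media_ports": {kind: int(port) for kind, port in media},
    }


def rewritten_fields(before, after):
    """Return {field: (before, after)} for every advertised value that differs."""
    a, b = signalled_endpoints(before), signalled_endpoints(after)
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}


if __name__ == "__main__":
    for field, (old, new) in rewritten_fields(BEFORE_FW, AFTER_FW).items():
        print(f"{field}: {old} -> {new}")
```

If the `m=` port already differs between the two captures, the RTP port seen later was negotiated in the SDP rather than chosen by the port-forward rule.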