Fortinet white logo
Fortinet white logo

Handbook

6.0.0

Translating SIP sessions to multiple destination ports

Translating SIP sessions to multiple destination ports

You can use a load balance virtual IP to translate SIP session destination ports to a range of destination ports. In this example the destination port is translated from 5060 to the range 50601 to 50603. This configuration can be used if your SIP server is configured to receive SIP traffic on multiple ports.

Example translating SIP traffic to multiple destination ports

To translated SIP sessions to multiple destination ports
  1. Add the load balance virtual IP.

    This virtual IP forwards traffic received at the port1 interface for IP address 172.20.120.20 and destination port 5060 to the SIP server at IP address 192.168.10.20 with destination port 5061.
  2. config firewall vip

    edit "sip_port_ldbl_vip"

    set type load-balance

    set portforward enable

    set protocol tcp

    set extip 172.20.120.20

    set extport 5060

    set extintf "port1"

    set mappedip 192.168.10.20

    set mappedport 50601-50603

    set comment "Translate SIP destination port range"

    end

  3. Add a security policy that includes the virtual IP and VoIP profile.
  4. config firewall policy

    edit 1

    set srcintf "port1"

    set dstintf "port2"

    set srcaddr "all"

    set dstaddr "sip_port_ldbl_vip"

    set action accept

    set schedule "always"

    set service "ALL"

    set utm-status enable

    set voip-profile default

    set comments "Translate SIP destination port"

    end

Translating SIP sessions to multiple destination ports

Translating SIP sessions to multiple destination ports

You can use a load balance virtual IP to translate SIP session destination ports to a range of destination ports. In this example the destination port is translated from 5060 to the range 50601 to 50603. This configuration can be used if your SIP server is configured to receive SIP traffic on multiple ports.

Example translating SIP traffic to multiple destination ports

To translated SIP sessions to multiple destination ports
  1. Add the load balance virtual IP.

    This virtual IP forwards traffic received at the port1 interface for IP address 172.20.120.20 and destination port 5060 to the SIP server at IP address 192.168.10.20 with destination port 5061.
  2. config firewall vip

    edit "sip_port_ldbl_vip"

    set type load-balance

    set portforward enable

    set protocol tcp

    set extip 172.20.120.20

    set extport 5060

    set extintf "port1"

    set mappedip 192.168.10.20

    set mappedport 50601-50603

    set comment "Translate SIP destination port range"

    end

  3. Add a security policy that includes the virtual IP and VoIP profile.
  4. config firewall policy

    edit 1

    set srcintf "port1"

    set dstintf "port2"

    set srcaddr "all"

    set dstaddr "sip_port_ldbl_vip"

    set action accept

    set schedule "always"

    set service "ALL"

    set utm-status enable

    set voip-profile default

    set comments "Translate SIP destination port"

    end