Fortinet black logo

FortiOS Release Notes

Home FortiGate / FortiOS 7.0.0 FortiOS Release Notes

How VoIP ALG mode settings determine the firewall policy inspection mode

7.0.0
7.4.3
7.4.2
7.4.1
7.4.0
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.15
7.0.14
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.15
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.16
6.2.15
6.2.14
6.2.13
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.1
6.2.0
6.0.18
6.0.17
6.0.16
6.0.15
6.0.14
6.0.13
6.0.12
6.0.11
6.0.10
6.0.9
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.6.14
5.6.13
5.6.12
5.6.11
5.6.10
5.6.9
5.6.8
5.6.7
5.6.6
5.6.5
5.6.4
5.6.3
5.6.2
5.6.1
5.6.0
5.4.13
5.4.12
5.4.11
5.4.10
5.4.9
5.4.8
5.4.7
5.4.6
5.4.5
5.4.4
5.4.3
5.4.2
5.4.1
5.4.0
5.2.15
5.2.14
5.2.13
5.2.12
5.2.11
5.2.10
5.2.9
5.2.8
5.2.7
5.2.6
5.2.5
5.2.4
5.2.3
5.2.2
5.2.1
5.2.0
5.0.14
5.0.13
5.0.12
5.0.11
5.0.10
5.0.9
5.0.8
5.0.7
5.0.6
5.0.5
5.0.4
5.0.3
5.0.2
Copy Link
Copy Doc ID 72101d52-8b3a-11eb-9995-00505692583a:593415
Download PDF

How VoIP ALG mode settings determine the firewall policy inspection mode

The default-voip-alg-mode setting will determine which inspection mode each firewall policy uses after upgrading.

Scenario 1
config system settings
    set default-voip-alg-mode proxy-based
end

This is the default setting. All firewall policies will be converted to proxy-based inspection.

Scenario 2
config system settings
    set default-voip-alg-mode kernel-helper-based
end

All firewall policies with a selected VoIP profile will be converted to proxy-based inspection. Policies without a configured VoIP profile will remain in the same inspection mode after upgrading.

Recommendation

If the scenario 1 outcome is not desired, do the following:

  1. Before upgrading, set default-voip-alg-mode to kernel-helper-based.
  2. Perform the upgrade.
  3. After upgrading, set default-voip-alg-mode to proxy-based.

    The upgraded policies will remain in the same inspection mode if they do not contain a VoIP profile.

Previous
Next

How VoIP ALG mode settings determine the firewall policy inspection mode

The default-voip-alg-mode setting will determine which inspection mode each firewall policy uses after upgrading.

Scenario 1
config system settings
    set default-voip-alg-mode proxy-based
end

This is the default setting. All firewall policies will be converted to proxy-based inspection.

Scenario 2
config system settings
    set default-voip-alg-mode kernel-helper-based
end

All firewall policies with a selected VoIP profile will be converted to proxy-based inspection. Policies without a configured VoIP profile will remain in the same inspection mode after upgrading.

Recommendation

If the scenario 1 outcome is not desired, do the following:

  1. Before upgrading, set default-voip-alg-mode to kernel-helper-based.
  2. Perform the upgrade.
  3. After upgrading, set default-voip-alg-mode to proxy-based.

    The upgraded policies will remain in the same inspection mode if they do not contain a VoIP profile.

Previous
Next