How VoIP ALG mode settings determine the firewall policy inspection mode

The default-voip-alg-mode setting will determine which inspection mode each firewall policy uses after upgrading.

Scenario 1
config system settings
    set default-voip-alg-mode proxy-based
end

This is the default setting. All firewall policies will be converted to proxy-based inspection.

Scenario 2
config system settings
    set default-voip-alg-mode kernel-helper-based
end

All firewall policies with a selected VoIP profile will be converted to proxy-based inspection. Policies without a configured VoIP profile will remain in the same inspection mode after upgrading.

Recommendation

If the scenario 1 outcome is not desired, do the following:

  1. Before upgrading, set default-voip-alg-mode to kernel-helper-based.
  2. Perform the upgrade.
  3. After upgrading, set default-voip-alg-mode to proxy-based.

    The upgraded policies will remain in the same inspection mode if they do not contain a VoIP profile.
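
To check before upgrading which policies each scenario would convert, the following added example (not Fortinet code) parses a configuration backup and applies the two rules described above. The sample configuration is constructed, and the script assumes the policy keys inspection-mode and voip-profile, and that a policy with no inspection-mode line is flow-based.

```python
import re

# Constructed sample of a configuration backup (not taken from the page).
SAMPLE_CONFIG = '''
config system settings
    set default-voip-alg-mode kernel-helper-based
end
config firewall policy
    edit 1
        set inspection-mode flow
    next
    edit 2
        set voip-profile "default"
    next
    edit 3
        set inspection-mode proxy
    next
end
'''

def parse_policies(config_text):
    """Return {policy_id: {"mode": str, "voip": bool}} from 'config firewall policy'."""
    policies, in_block, current = {}, False, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config firewall policy":
            in_block = True
        elif in_block and current is None and line == "end":
            in_block = False
        elif in_block and (m := re.fullmatch(r"edit (\d+)", line)):
            current = int(m.group(1))
            # Assumption: a policy with no inspection-mode line is flow-based.
            policies[current] = {"mode": "flow", "voip": False}
        elif in_block and line == "next":
            current = None
        elif current is not None and (m := re.fullmatch(r"set inspection-mode (\S+)", line)):
            policies[current]["mode"] = m.group(1)
        elif current is not None and line.startswith("set voip-profile "):
            policies[current]["voip"] = True
    return policies

def predict_after_upgrade(config_text, alg_mode=None):
    """Apply the page's two scenarios; alg_mode overrides the value in the backup."""
    m = re.search(r"set default-voip-alg-mode (\S+)", config_text)
    # The page states that proxy-based is the default setting.
    mode = alg_mode or (m.group(1) if m else "proxy-based")
    return {pid: "proxy" if (mode == "proxy-based" or p["voip"]) else p["mode"]
            for pid, p in parse_policies(config_text).items()}
```

Comparing predict_after_upgrade(backup) with predict_after_upgrade(backup, "proxy-based") lists the policies whose inspection mode depends on completing step 1 before the upgrade.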
