FortiGate
cbenejean
Staff
Article Id 189658
Description
According to RFC 3264 (An Offer/Answer Model with the Session Description Protocol (SDP)), section 6 (Generating the Answer):

For each "m=" line in the offer, there MUST be a corresponding "m=" line in the answer. The answer MUST contain exactly the same number of "m=" lines as the offer. This allows for streams to be matched up based on their order. This implies that if the offer contained zero "m=" lines, the answer MUST contain zero "m=" lines.

If the SIP phones and the SIP proxy send an asymmetrical number of "m=" lines, the SIP ALG of the FortiGate will not be able to open the corresponding pinhole for the media.

The following message will be displayed in the SIP ALG debug logs (diagnose debug application sip -1):

“offer not matched peer's”
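
To confirm from captured SIP traffic that a dialog has the asymmetry described above, the following added example (not Fortinet code) pairs each INVITE offer with its 200 OK answer by Call-ID and CSeq and compares the number of "m=" lines. It assumes the offer is carried in the INVITE and the answer in the 200 OK, and that headers use their long form; the function names and the SIP messages are constructed for illustration.

```python
def parse_sip(message):
    """Split a SIP message into (start line, headers dict, list of SDP "m=" lines)."""
    # Headers and SDP body are separated by the first empty line.
    head, _, body = message.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    media = [l.strip() for l in body.split("\n") if l.startswith("m=")]
    return lines[0], headers, media

def find_asymmetric_dialogs(messages):
    """Return [(call_id, offer_count, answer_count)] where the "m=" counts differ."""
    offers, mismatches = {}, []
    for msg in messages:
        start, headers, media = parse_sip(msg)
        key = (headers.get("call-id"), headers.get("cseq"))
        if start.startswith("INVITE "):
            offers[key] = media            # assumption: the offer is in the INVITE
        elif start.startswith("SIP/2.0 200") and key in offers:
            # RFC 3264 section 6: the answer must have as many "m=" lines as the offer.
            if len(media) != len(offers[key]):
                mismatches.append((key[0], len(offers[key]), len(media)))
    return mismatches

def sip(start, call_id, sdp_media):
    """Build a constructed SIP message with a minimal SDP body (sample data only)."""
    sdp = ["v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10", "t=0 0"]
    return "\r\n".join([start, f"Call-ID: {call_id}", "CSeq: 1 INVITE",
                        "Content-Type: application/sdp", "", *sdp, *sdp_media, ""])

AUDIO = "m=audio 49170 RTP/AVP 0"
VIDEO = "m=video 51372 RTP/AVP 31"
# Constructed sample: the first dialog drops the video line in the answer.
SAMPLE = [
    sip("INVITE sip:bob@example.com SIP/2.0", "a1@example.com", [AUDIO, VIDEO]),
    sip("SIP/2.0 200 OK", "a1@example.com", [AUDIO]),
    sip("INVITE sip:bob@example.com SIP/2.0", "b2@example.com", [AUDIO]),
    sip("SIP/2.0 200 OK", "b2@example.com", [AUDIO]),
]

if __name__ == "__main__":
    for call_id, n_offer, n_answer in find_asymmetric_dialogs(SAMPLE):
        print(f"{call_id}: offer has {n_offer} m= line(s), answer has {n_answer}")
```
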

Solution
If you cannot fix the asymmetry in the "m=" lines of the SDP (which would be the ideal solution) and you absolutely need the media port to be opened dynamically, you can use the SIP session helper instead of the SIP ALG.

The SIP session helper is, most of the time, able to handle such situations.

However, note that the SIP session helper has a drawback: it does not support all the features that the SIP ALG supports. Only SDP natting and pinhole opening are supported in the simplest scenario. There is no debug log available.
