Description
In some network environments, policy routes (PBR) must be implemented for SIP traffic.
A regular PBR would be configured as shown below:
config router policy
    edit 0
        set input-device "lan"
        set src "10.139.109.0/255.255.255.0"
        set dst "0.0.0.0/0.0.0.0"
        set gateway 10.253.10.110
        set output-device "wan1"
    next
end
In FortiOS 5.2, all SIP and SCCP (Skinny) traffic is now processed by the SIP ALG by default.
The SIP ALG replaces IP addresses in SIP headers and SDP information.
Setting a gateway in the PBR for SIP traffic can trigger the SIP ALG to replace the destination with the gateway set in the PBR. In that case, the following output is seen in the debug flow:
2016-04-01 15:32:29 id=20085 trace_id=2 func=print_pkt_detail line=4420 msg="vd-root received a packet(proto=17, 10.139.109.199:3004->10.253.10.110:5060) from local. "
Scope
All FortiGates.
Solution
Do not use a gateway in the PBR for SIP traffic (when asymroute is disabled).
show router policy
config router policy
    edit 1
        set input-device "port1"
        set src "10.139.109.0/255.255.255.0"
        set dst "0.0.0.0/0.0.0.0"
        set output-device "port2"
    next
end
Debug output will now show the real destination:
2016-04-01 15:48:39 id=20085 trace_id=303 func=print_pkt_detail line=4420 msg="vd-root received a packet(proto=17, 10.139.109.199:3007->10.137.90.211:5060) from local. "
Related Articles
SIP and SCCP Traffic is Handled by the VoIP ALG/Proxy by default in FortiOS 5.2
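To check saved debug flow output for the symptom described above, the following added example (not part of the original article, and not Fortinet code) collects the gateways set in a "config router policy" block and flags SIP packets whose destination equals one of them. The function names are hypothetical, and the sample config and trace are constructed from the addresses shown in this article.

```python
import ipaddress
import re

# Constructed sample input, reusing the addresses shown in the article.
SAMPLE_CONFIG = """\
config router policy
    edit 0
        set input-device "lan"
        set src "10.139.109.0/255.255.255.0"
        set dst "0.0.0.0/0.0.0.0"
        set gateway 10.253.10.110
        set output-device "wan1"
    next
end
"""
SAMPLE_TRACE = """\
2016-04-01 15:32:29 id=20085 trace_id=2 func=print_pkt_detail line=4420 msg="vd-root received a packet(proto=17, 10.139.109.199:3004->10.253.10.110:5060) from local. "
2016-04-01 15:48:39 id=20085 trace_id=303 func=print_pkt_detail line=4420 msg="vd-root received a packet(proto=17, 10.139.109.199:3007->10.137.90.211:5060) from local. "
"""

GATEWAY_RE = re.compile(r"^\s*set gateway (\S+)", re.M)
# Matches the print_pkt_detail line format shown in the article; \s* tolerates
# a stray space before the source port.
PKT_RE = re.compile(
    r"trace_id=(\d+) func=print_pkt_detail .*?"
    r"proto=(\d+), ([\d.]+)\s*:(\d+)->([\d.]+):(\d+)\)")

def pbr_gateways(config_text):
    """Collect every 'set gateway' address from a 'config router policy' block."""
    return {ipaddress.ip_address(g) for g in GATEWAY_RE.findall(config_text)}

def rewritten_sip_packets(trace_text, gateways, sip_port=5060):
    """Return (trace_id, src, dst) for SIP packets addressed to a PBR gateway."""
    hits = []
    for m in PKT_RE.finditer(trace_text):
        trace_id, proto, src, _sport, dst, dport = m.groups()
        # proto 17 = UDP, 6 = TCP; SIP signalling on the default port 5060.
        if (proto in ("6", "17") and int(dport) == sip_port
                and ipaddress.ip_address(dst) in gateways):
            hits.append((int(trace_id), src, dst))
    return hits

if __name__ == "__main__":
    for hit in rewritten_sip_packets(SAMPLE_TRACE, pbr_gateways(SAMPLE_CONFIG)):
        print("trace_id=%d: SIP from %s sent to PBR gateway %s" % hit)
```

Only the first sample line is flagged; the second, taken after the gateway was removed from the PBR, carries the real destination and passes.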