Fortigate disable port 5060, 2000, 541

Reference:

Port 2000 and 5060 open by default (How to close)

Cannot Disable FMG-Access

 

port 5060, 2000:

 

To disable the SIP helper /  ALG i used the following code

config system settings
set default-voip-alg-mode kernel-helper-based
end

Important is that you need to configure it on all the VDOM`s

A reboot is not necessary, Clearing the sessions worked for us:

diagnose sys session filter
diagnose sys session filter dport 5060
diagnose sys session clear
diagnose sys session filter dport 2000
diagnose sys session clear

 

PS. port 2000關不掉，找時間重開機試試看。

 

port 541:

config system interface
edit <wan-interface>
unselect allowaccess fgfm
set ident-accept enable
end