The Lego pieces are indeed available for you go build this stuff yourself, but the engineering effort required to do so quickly make Palo Alto or Checkpoint's licensing look extremely cheap.
Yeah, until you hit some turd in fortinet (see how they mangle SDP if you send re-INVITE in a SIP dialog, even with all SIP protocol handling checkboxes disabled) and have to spend weeks with support and many hours of debugging and back and forth just trying to convince them they have an issue, after initially spending ~ 10h of dev/debugging time on trying to convince SIP phone manufacturer they have buggy SIP phone, before realizing different SIP packets are arriving on a SIP phone then are comming from PBX, because of this amazing forticrap middlebox. All the while whole company has issues with SIP telephony during attended transfers for months on end, disrupting commuincation with customers.
