How and When to disable SIP ALG ?
09/28/2023 94 People found this article helpful 471,320 Views
Description
SIP ALG : SIP ALG (Application Layer Gateway) is a mechanism found in most routers that rewrites packets transmitted across the device. Certain protocols are processed by the application layer gateway (ALG) and rewritten to allow better flow through a firewall or when NAT (Network Address Translation) is employed. The SIP protocol is one of several protocols managed by this system.
One of the most common issues with VoIP solutions relates to audio transmission and presence of a firewall and/or NAT traversal being configured. In many cases, a properly configured system may still have audio issues when transmitting or receiving calls where only one party is heard during a call. Implementing the necessary changes to disable SIP ALG can oftentimes resolve these issues.
SIP ALG modifies the destination addresses of VoIP packets causing reliability issues.
Resolution
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
Here's how you can disable SIP ALG:
- Navigate to Network | VOIP | Settings
- Enable Consistent NAT
- Disable the option Enable SISP Transformations
NOTE: Consistent NAT enhances standard NAT policy to provide greater compatibility with peer-to-peer applications that require a consistent IP address to connect to, such as VoIP. Consistent NAT uses an MD5 hashing method to consistently assign the same mapped public IP address and UDP Port pair to each internal private IP address and port pair.
CAUTION: Enabling Consistent NAT causes a slight decrease in overall security, because of the increased predictability of the address and port pairs.
- Navigate to Policy | Access rules | Edit the LAN to WAN Access rule (Source zone here is LAN, you need to select the zone in which your phones are located), and change the UDP timeout from default 30 seconds to 120 seconds.
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
Here's how you can disable SIP ALG:
- Navigate to MANAGE | VoIP
- Click on VoIP
- Enable the Check-box, Enable consistent NAT.
NOTE: Consistent NAT enhances standard NAT policy to provide greater compatibility with peer-to-peer applications that require a consistent IP address to connect to, such as VoIP. Consistent NAT uses an MD5 hashing method to consistently assign the same mapped public IP address and UDP Port pair to each internal private IP address and port pair.
CAUTION: Enabling Consistent NAT causes a slight decrease in overall security, because of the increased predictability of the address and port pairs.
- Disable the check box, Enable SIP Transformations.
Optionally, Change the UDP timeout on the LAN to WAN Access rule.
- Navigate to Manage | Rules |Access Rules |Edit the LAN to WAN Access rule, (Source zone here is LAN, you need to select the zone in which your phones are located), and change the UDP timeout from default 30 seconds to 120 seconds.
When to disable SIP ALG ?
Disable SIP ALG on firewall, when you set up your VoIP phone system, but you’re experiencing issues like listed below:
- One-way audio (only one person can hear the other)
- Phones do not ring when called
- No incoming calls
- Calls drop after being connected
- Calls going straight to Voicemail for no known reason.
NOTE: Enable the SIP ALG only if your router manufacturer or VoIP provided has instructed.
e text here Related Articles
Categories
Was This Article Helpful?
YESNO