Frequently Asked Question

How to Disable SIP ALG
Last Updated 7 months ago




Graphical user interface, application Description automatically generated

Please click here to check SIP ALG:

Click to check SIP ALG

Optimal results displayed below:

Text Description automatically generated

What is SIP ALG

SIP

ALG is a feature found in most networked routers, operating as a

function of its firewall. It consists of two different technologies,

explained below:

Session

Initiation Protocol (SIP) - The underlying service that powers all

Voice over Internet Protocol (VoIP) phones, apps, and devices. SIP

manages registering devices, maintaining call presence, and overseeing

the call audio. Read more about SIP in our deep dive here.
Application

Layer Gateway (ALG) - Routers segments your ISP and your internal

network through a process known as Network Address Translation (NAT). An

ALG acts as a proxy to rewrite the destination addresses in data

packets for improved connectivity.

A picture containing electronics, projector Description automatically generated

Where does SIP ALG Present Issues?

The

problem with SIP ALG is the fact that most times, packet rewriting

causes undesirable operation. The intent of the technology was to assist

the packet flow of SIP and other packets and help solve NAT related

problems. In this case, the ALG's function is to perform a stateful

packet level inspection (SPI) of traffic coming through it. SIP messages

would then be re-written by SIP ALG to allow the correct communication

of signaling and voice traffic between endpoints and effective NAT

traversal. The frequent result in lower end routers is however a

hindrance for data transmission due to poor implementations of ALG that

break SIP. Most commonly, the issues many experience relate to one-way

or no audio, depending on who initiates the call.

In most cases, it is recommended that SIP ALG, SPI and SIP transformations are disabled.

Signs SIP ALG affects VoIP calls

There

are a few categories of symptoms SIP ALG could affect VoIP phone. It's

not always apparent, especially since these issues often happen silently

without users knowing.

One-way audio (only one person can hear the other)
Phones do not ring when called
Calls drop after being connected
Calls going straight to voicemail for no known reason
What's

happening is that some VoIP traffic is lost between the phone and the

VoIP service provider. This interruption is happening because of router

firewalls. This traffic is essential to maintaining the phone's

availability and selecting the proper audio codecs.

How To Disable SIP ALG On Popular Routers

With

most setups, it is best to disable this feature as this service usually

does more harm than good. The following section will help to assist

most with disabling this feature on their router. The first few sections

will cover the basis of disabling SIP ALG and SPI for higher-class

enterprise devices while the lower sections relate to common devices

used in small offices or homes.

NetGear
Netgear devices typically ship with the SIP ALG enabled. To disable you will need to do the following.

Prosafe Devices
Access the Netgears WWW GUI by browsing to it's LAN IP Address. The default IP is 192.168.0.1
Login to the device. The default user is 'admin' and the default pass is 'password'
Select 'Security' → 'Firewall' → 'Advanced'
To disable the SIP ALG, uncheck the option 'Enable SIP ALG' as shown below:

Graphical user interface, application Description automatically generated

Newer Netgear Devices/Netgear genie; Nighthawk 8000
To disable the SIP ALG on the Nighthawk 8000 series devices, you will need to

Login to the WWW GUI for the Router
Select Advanced → Setup → WAN Setup
Check the box labeled 'Disable SIP ALG' under the NAT filtering section:

Graphical user interface, application, website Description automatically generated

Asus
Older

versions of Asus firmware typically only support disabling the SIP ALG

via the command line interface. If you do not see the option to disable

the SIP ALG in the GUI, check to see if your router has a firmware

update.

To

disable the SIP ALG present in most later version of Asus firmware you

will need to log into the GUI and browse to 'NAT Passthrough' → and set

'SIP Passthrough' to disabled as shown here:

A screenshot of a computer Description automatically generated

D-Link
There are a couple of steps to disabling a SIP ALG on a D-Link device.

Using the web browser of your choice, enter the D-Link routers local IP into the address bar and login when prompted
Once you have logged in, click on 'Advanced' on the top navigation bar → then click on the 'Firewall Settings' tab
Uncheck the 'Enable SPI' box as well as set 'NAT Endpoint Filtering' for TCP & UDP to 'Endpoint Independent'
After

that has been set, find the 'Application Level Gateway (ALG)'

configuration near the bottom and uncheck the 'SIP' field as shown

below.
Save the settings and reboot the device

Graphical user interface, text, application Description automatically generated

Linksys
The RV042 will not work with firmware versions older than version 1.3.12.6 or possibly version 1.3.12.19.
Update to the latest firmware available for this device and it should function properly.

The

E1700 series devices (as well as some similar LInksys models) allow

disabling of the SIP ALG via the Administration tab → Management → SIP

ALG section as shown here:

Graphical user interface, application Description automatically generated

Arris
The

DG1670A runs the same firmware as the DG860A with the additional

capability of disabling the SIP ALG. Even with the SIP ALG disabled (as

shown below), field reports indicate that a UDP session timer issue

remains, which will continue to cause issues.

Graphical user interface, website Description automatically generated

AT&T (2WIRE)
At

the time this article was written, most AT&T services - whether DSL

or UVERSE - are packaged with a 2WIRE device. Fortunately, the company

allows disabling the service with minimal headache for most models and

services. Yet, some models do not have this feature making this process

cumbersome.

Type in the device IP address of http://192.168.1.254 in any browser address bar. Default username is "admin" and the password can be found on the bottom on the 2wire device.

Go to the "Firewall" menu and then select the option for "Applications, Pinholes and DMZ". Select your phone adapter from the the list of IP addresses and then the radio button to "Allow all applications (DMZplus mode)". Save the settings and you have now put your adapter in the DMZ plus zone.

SIP ALG now needs to be disabled via the ‘Management and Diagnostic Console’ that can be accessed by entering http://192.168.1.254/mdc (note that not all models of 2wire modems can access this menu and edit the settings).

If you can access this console, click on the "Configure Services" found under the "Advanced" heading.

A setting notated as "SIP Application Layer Gateway" should be unchecked - hit the \[SUBMIT\] item and follow any additional prompts. See figure 5 below for a screen shot:

Graphical user interface, text, application, email Description automatically generated

Figure 5: Disabling SIP ALG on a AT&T 2Wire Modem

Some

have stated that it is not possible to turn off this setting. Newer

firmware deployments on current models (as of April 2015, when this

article was originally written) may not allow disabling this option.

Contacting customer service to remote into your device will be the only

way to turn off this setting.

Actiontec (FIOS)
The

Actiontec GT784WN & GT784WNV both have a SIP ALG that cannot be

disabled from the HTTP administrative interface or from telnet. The

issues with these devices are further compounded by the fact that the

firewall, when set to the 'NAT only' setting, intermittently blocks keep

alive messages from various devices.

Our

recommendation to utilize the GT784WN or the GT784WNV is to set it in

bridge-mode and implement a SIP compliant router behind it (use it only

as a gateway).

Comcast | Xfinity
At

the time this article was written (April 2015), there is no possible

way to disable SIP ALG on a Comcast router by yourself. Worse yet, the

company will not disable this feature for most customers.

Since

both residential and business customers do not have an option to

disable this setting from the router configuration menu, using VoIP

means one of the following options will be necessary:

Buying the Comcast / Xfinity phone service.
Hope your service transposes appropriately with SIP ALG.
Connect another router to you gateway and put it in bridge mode.
Purchase your own modem compatible with Comcast/Xfinity.

The

company locks down the devices such that the only voice service allowed

is Comcast/Xfinity. The recommended solution involves purchasing a

compatible modem for

the service where greater control is possible. At this point, contact

your VoIP vendor - many have unique firmware settings to push to the

device as well as instructions for applying settings for a functional

service.

Final Thoughts

Most

agree that SIP ALG is the ultimate bane for VoIP services. Sadly, this

technology that is supposed to help such transmissions proves to be a

hindrance for virtually every product and service in existence. Though

many companies have a workaround, some lack a solid solution.

We

are very interested in hearing your unique problems and resolutions

involving this mechanism and if you would like us to investigate other

routers. Please, take a moment to comment or ask a question - we would

like to help as many VoIP consumers as possible!

Please Wait!

Please wait... it will take a second!