VoIP problems can be frustrating. They can be difficult to diagnose and when they do pop up they’re usually urgent. The good news is VoIP is technically quite simple and most, if not all, the problems we come across as a business phone systems provider are related to poor firewall configuration and SIP ALG.
In this article we discuss what is SIP ALG, the problems it causes for business phone systems, why you should turn it off and how to do it on some of the most common routers we see.
What is SIP ALG?
SIP ALG stands for SIP Application Layer Gateway and is a feature incorporated in many commercial routers. It is intended to track the VoIP/SIP packets passing through the router and modify them to fix common issues caused by firewalls and NAT.
Many routers have SIP ALG turned on by default.
Why should it be turned off?
Nowadays, most VoIP providers are equipped to handle customers and handsets connecting from a private network using NAT which is the primary problem SIP ALG aims to solve. As a result, SIP ALG tends to cause more problems than it solves.
The problems caused by SIP ALG are often intermittent or only affect some of your handsets at any one time. Some of the common problems we come across which are caused by SIP ALG are:
- Handsets don’t register.
- Incoming calls do not go where they should – you might find some or all handsets in a hunt group do not ring when a call arrives, or you cannot call between some extensions.
- BLF keys don’t behave the way you expect them to.
- One way or no audio after a call connects.
If you find your VoIP phones work most of the time but do some weird things, SIP ALG should be the first thing you’re looking at!
How do I turn SIP ALG off?
Every router is different. Here are the steps for the most common routers we come across:
How to turn off SIP ALG on a FortiGate firewall
- Logon to your FortiGate’s console
- Type ‘config system session-helper’ and press enter
- Type ‘show’
- Find the entry which shows ‘set name sip’ and note the ID (it’s usually 13)
- Type ‘delete 13’ (or the number shown on your firewall) and then ‘end’
- Type ‘config system settings’
- Type ‘set default-voip-alg-mode kernel-helper-based’ and then ‘end’
- Type ‘config voip profile’ then ‘edit default’
- Type ‘config sip’ then ‘set status disable’
- Type ‘end’ then ‘end’
- Reboot the router
How to turn off SIP ALG on a Draytek router
The settings for SIP ALG are under the NAT -> ALG menu on the left-hand side of your web configuration interface.
How to turn off SIP ALG on a Mikrotik router
Disable SIP under IP -> Firewall -> Service Ports.
In the CLI, the command is: ip firewall service-port set [find name=sip] disabled=yes
How to turn off SIP ALG on a Ubiquiti router
Logon to your router and navigate to Settings -> Firewall -> Routing & Firewall -> Conntrack Modules. Disable SIP & H.323.
How to turn off SIP ALG on a TP-LINK router
Logon to your routers web interface and navigate to Network -> ALG Settings. Disable SIP.
How to turn off SIP ALG on a D-Link router
Logon to your routers web interface and navigate to Advanced -> Firewall Settings. Untick the SIP and ‘Enable SPI’ option.
How to turn off SIP ALG on a Billion router
Logon to your routers web interface and navigate to Advanced Setup -> NAT -> ALG. Disable SIP.