This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Disable SIP ALG

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Disable SIP ALG

sunilsadanandan
L3 Networker

‎07-22-2011 06:02 AM

Hi,

Is there any way of disabling the PAN SIP (Session Initiation Protocol) application ? My Voip provider has asked to turn SIP ALG off as they think its interfereing with the headers.

https://live.paloaltonetworks.com/docs/DOC-1216 This article says the PAN SIP app acts as a Application Layer Gateway.

Regards,

Sunil

0 Likes Likes
6 REPLIES 6

sunilsadanandan
L3 Networker

‎07-22-2011 06:11 AM

Hi,

Would increasing the time outs on the SIP protocol help , like stated in the article referenced in the previous post ? How do I know that is the defualt values ? When I cliked on customise , it just gave me the range of values I could provide , and not what the defualt value is.

What I would really like is to disable the Application Layer Gateway feature itself  as the VOIP provider uses stun servers.

Regards,

Sunil

0 Likes Likes

James
L4 Transporter
In response to sunilsadanandan

‎07-22-2011 06:24 AM

Hi Sunil,

The ALG element is for NAT - are you running NAT on the SIP?

Thanks

James

0 Likes Likes

sunilsadanandan
L3 Networker
In response to James

‎07-22-2011 06:38 AM

Hi James,

We are running the voip phones behind a NAT , so they have to get translated to reach the Internet. But the Voip provider says that SIP ALG interferes with their implementation as they use STUN servers to work around NAT , so the  funtionality of a SIPALG is not needed.

And since Palo's SIP decoder acts like a ALG it seems to be curropting the packets send from the phones.

Regards,

Sunil

0 Likes Likes

James
L4 Transporter
In response to sunilsadanandan

‎07-22-2011 07:20 AM

Hi Sunil,

I cannot see a way to disable the ALG - I'll ask around.

Another alternative is to use an application override

Thanks

James

mrajdev
L4 Transporter
In response to James

‎07-22-2011 07:24 AM

Sunil,

App override is the way to turn off SIP alg. You will have to open up ports for return traffic as there will be no pin holes opened for the media session of the SIP call (this is one of the functionality of the ALG).

Hope this helps.

sunilsadanandan
L3 Networker
In response to mrajdev

‎07-25-2011 07:01 AM

Hi James/Rajdev,

Thanks, I am using the App override feature to work around this. Are there any other application decoder that perform  additional functions other than APP Identification ?

Could I submit a feature request to have option to  disable any additonal features, so that I am certain that APP ID is not "modifying" the communication logic used in the network without me specifically asking it to ?

e.g.

Device > AppID > features

1. SIP ALG > enable/disable

2. .............

Regards,

Sunil

0 Likes Likes
  • 6953 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks