Disable SIP ALG

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Disable SIP ALG

L3 Networker

Hi,

Is there any way of disabling the PAN SIP (Session Initiation Protocol) application ? My Voip provider has asked to turn SIP ALG off as they think its interfereing with the headers.

https://live.paloaltonetworks.com/docs/DOC-1216 This article says the PAN SIP app acts as a Application Layer Gateway.

Regards,

Sunil

6 REPLIES 6

L3 Networker

Hi,

Would increasing the time outs on the SIP protocol help , like stated in the article referenced in the previous post ? How do I know that is the defualt values ? When I cliked on customise , it just gave me the range of values I could provide , and not what the defualt value is.

What I would really like is to disable the Application Layer Gateway feature itself  as the VOIP provider uses stun servers.

Regards,

Sunil

Hi Sunil,

The ALG element is for NAT - are you running NAT on the SIP?

Thanks

James

Hi James,

We are running the voip phones behind a NAT , so they have to get translated to reach the Internet. But the Voip provider says that SIP ALG interferes with their implementation as they use STUN servers to work around NAT , so the  funtionality of a SIPALG is not needed.

And since Palo's SIP decoder acts like a ALG it seems to be curropting the packets send from the phones.

Regards,

Sunil

Hi Sunil,

I cannot see a way to disable the ALG - I'll ask around.

Another alternative is to use an application override

Thanks

James

Sunil,

App override is the way to turn off SIP alg. You will have to open up ports for return traffic as there will be no pin holes opened for the media session of the SIP call (this is one of the functionality of the ALG).

Hope this helps.

Hi James/Rajdev,

Thanks, I am using the App override feature to work around this. Are there any other application decoder that perform  additional functions other than APP Identification ?

Could I submit a feature request to have option to  disable any additonal features, so that I am certain that APP ID is not "modifying" the communication logic used in the network without me specifically asking it to ?

e.g.

Device > AppID > features

1. SIP ALG > enable/disable

2. .............

Regards,

Sunil

  • 6064 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!