Is there any way of disabling the PAN SIP (Session Initiation Protocol) application ? My Voip provider has asked to turn SIP ALG off as they think its interfereing with the headers.
https://live.paloaltonetworks.com/docs/DOC-1216 This article says the PAN SIP app acts as a Application Layer Gateway.
Would increasing the time outs on the SIP protocol help , like stated in the article referenced in the previous post ? How do I know that is the defualt values ? When I cliked on customise , it just gave me the range of values I could provide , and not what the defualt value is.
What I would really like is to disable the Application Layer Gateway feature itself as the VOIP provider uses stun servers.
We are running the voip phones behind a NAT , so they have to get translated to reach the Internet. But the Voip provider says that SIP ALG interferes with their implementation as they use STUN servers to work around NAT , so the funtionality of a SIPALG is not needed.
And since Palo's SIP decoder acts like a ALG it seems to be curropting the packets send from the phones.
App override is the way to turn off SIP alg. You will have to open up ports for return traffic as there will be no pin holes opened for the media session of the SIP call (this is one of the functionality of the ALG).
Hope this helps.
Thanks, I am using the App override feature to work around this. Are there any other application decoder that perform additional functions other than APP Identification ?
Could I submit a feature request to have option to disable any additonal features, so that I am certain that APP ID is not "modifying" the communication logic used in the network without me specifically asking it to ?
Device > AppID > features
1. SIP ALG > enable/disable
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!