Disable SIP ALG

Reply
Highlighted
L3 Networker

Disable SIP ALG

Hi,

Is there any way of disabling the PAN SIP (Session Initiation Protocol) application ? My Voip provider has asked to turn SIP ALG off as they think its interfereing with the headers.

https://live.paloaltonetworks.com/docs/DOC-1216 This article says the PAN SIP app acts as a Application Layer Gateway.

Regards,

Sunil

Highlighted
L3 Networker

Re: Disable SIP ALG

Hi,

Would increasing the time outs on the SIP protocol help , like stated in the article referenced in the previous post ? How do I know that is the defualt values ? When I cliked on customise , it just gave me the range of values I could provide , and not what the defualt value is.

What I would really like is to disable the Application Layer Gateway feature itself  as the VOIP provider uses stun servers.

Regards,

Sunil

Highlighted
L4 Transporter

Re: Disable SIP ALG

Hi Sunil,

The ALG element is for NAT - are you running NAT on the SIP?

Thanks

James

Highlighted
L3 Networker

Re: Disable SIP ALG

Hi James,

We are running the voip phones behind a NAT , so they have to get translated to reach the Internet. But the Voip provider says that SIP ALG interferes with their implementation as they use STUN servers to work around NAT , so the  funtionality of a SIPALG is not needed.

And since Palo's SIP decoder acts like a ALG it seems to be curropting the packets send from the phones.

Regards,

Sunil

L4 Transporter

Re: Disable SIP ALG

Hi Sunil,

I cannot see a way to disable the ALG - I'll ask around.

Another alternative is to use an application override

Thanks

James

Highlighted
L4 Transporter

Re: Disable SIP ALG

Sunil,

App override is the way to turn off SIP alg. You will have to open up ports for return traffic as there will be no pin holes opened for the media session of the SIP call (this is one of the functionality of the ALG).

Hope this helps.

Highlighted
L3 Networker

Re: Disable SIP ALG

Hi James/Rajdev,

Thanks, I am using the App override feature to work around this. Are there any other application decoder that perform  additional functions other than APP Identification ?

Could I submit a feature request to have option to  disable any additonal features, so that I am certain that APP ID is not "modifying" the communication logic used in the network without me specifically asking it to ?

e.g.

Device > AppID > features

1. SIP ALG > enable/disable

2. .............

Regards,

Sunil

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!