10-13-2017 07:45 AM
I am troubleshooting Cisco phone registration issues through a 3020 running 7.1.7 . My rulesets are only service based (TCP/UDP 5060, 5061, etc) and allow any application. Cisco TAC is telling me that ALG issues are interfering with registration.
If I am allowing any application and using services only (and the traffic is hitting these rules), is SIP inspection or ALG still being applied to the traffic?
10-13-2017 07:56 AM - edited 10-13-2017 07:58 AM
Yes by default Palo Alto always identifies application.
You can either disable ALG or play around with application override. In this case Palo Alto will stop at Layer 4 and you can manually specify what application Palo should identify this traffic as.
https://live.paloaltonetworks.com/t5/Management-Articles/SIP-Application-Override-Policy/ta-p/69349
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
