SIP - services only, does ALG apply?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

SIP - services only, does ALG apply?

L0 Member

I am troubleshooting Cisco phone registration issues through a 3020 running 7.1.7 . My rulesets are only service based (TCP/UDP 5060, 5061, etc) and allow any application.  Cisco TAC is telling me that ALG issues are interfering with registration.

 

If I am allowing any application and using services only (and the traffic is hitting these rules), is SIP inspection or ALG still being applied to the traffic?

1 REPLY 1

Cyber Elite
Cyber Elite

Yes by default Palo Alto always identifies application.

You can either disable ALG or play around with application override. In this case Palo Alto will stop at Layer 4 and you can manually specify what application Palo should identify this traffic as.

https://live.paloaltonetworks.com/t5/Management-Articles/SIP-Application-Override-Policy/ta-p/69349

Enterprise Architect, Security @ Cloud Carib Ltd
Palo Alto Networks certified from 2011
  • 1734 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!