Showing results for 
Show  only  | Search instead for 
Did you mean: 


L3 Networker

Hello world,

I've the following problem after move a VOIP DMZ on PALO ALTO 2050 5.0.11:

If I dial in from outside, then the answer is almost immediate, so that is fine, but when I call out the line is dead for 35-40 seconds before a ringing tone is heard

I don't uderstand this delay? I try to do an application override but the issue stay. I can't see any drop on the firewall. Somebody know this problem?



L6 Presenter

I advise you to upgrade 6.0.x and disable sip alg.

we solved a lot issue with that.

thks for your answerPANOS

but when I do an application OVERRIDE ALG is not used no?

Not applicable


You do not say if it is a SIP or H323 VOIP setup?  I ask because we had all kinds of problems with SIP through a PA200 with lines dropping and FORBIDDEN messages.   As recommended we disabled sip alg and the problem still persisted.

The problem was raised with PA (we sent one of our phones to their test labs in Holland!!).    Their engineer finally tied down the problem to the SIP UDP session timeouts.   The default on a PA is 30 seconds but our phones were using 45 seconds.  Once we changed the timeout to 1 minute the problem went away.     It might be coincidence but you are experiencing times to work of around 35 to 40 seconds

Hope this helps.


L7 Applicator

Yes, as per my understanding you are correct. When app-override in place, it will skip layes-7 processing already (ALG).


I knew it was the same but it is not

support engineers answer for that

"ALG is a little bit more sophisticated than manual application override, as it just disables an ALG inspection while with app-override we offload the whole traffic"

Hi ,

I confirm that the protocol used is sip. So your information is very interesting. I ll try to do this change on the PALO ALTO next week. and inform you about it

thks for your answer.

Hi Alle,

SIP is a diverse protocol, every vendor implements it in little different way. While PANW try to stick with RFC becuase of that sometimes it doesn work.

in this situation I would suggest to try with App Override, that can help.


Hardik Shah

L4 Transporter


we had the same issue with Cisco phones. With delay ring and no voice. With application override it works perfectly:


As you can see... from the phone (policies *-1-1; -2-1; 3-1) to our voice network and the other way around (policies *-1-2; -2-2; 3-2). Just create customs app with e.g.: sip-override: udp/5060 ; rtcp-rtp: udp/16384-32767 ; sccp-override: tcp/2000. We are using the policies with the Version 6 as well...

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!