Vantact Support Main Site
arrow_back Back to articles

Devices

How to Disable SIP ALG on a Mikrotik

SIP ALG Explained - Technical

Many of today's commercial routers implement SIP ALG (Application-level gateway) by default. Brands such as Cisco, Netgear, D-Link, and Mikrotik often have this feature enabled. While ALG can help resolve NAT-related problems, many routers' ALG implementations are brand-specific, often incorrect, and can break SIP.

An ALG understands the protocol used by the specific applications it supports (in this case, SIP) and performs protocol packet inspection on traffic passing through it. A NAT router with a built-in SIP ALG can rewrite information within SIP messages (SIP headers and SDP body) to facilitate signaling and audio traffic between the client behind NAT and the SIP endpoint.

SIP ALG Problems

Poor Implementations:

  • Many commercial routers have poor SIP ALG implementations that can break SIP signaling.
  • SIP ALG is generally useful only for outgoing calls, not incoming ones.

Lack of Incoming Calls:

  • SIP ALGs may rewrite REGISTER requests incorrectly, preventing the SIP proxy from detecting NAT and maintaining the necessary UDP keepalive, leading to missed incoming calls.

Breaking SIP Signaling:

  • Incorrect modifications of SIP headers and SDP bodies can disrupt SIP communication.
  • Common errors include incorrect port values, misplaced or omitted header parameters, and overall corruption of SIP messages.

Disallowing Server-side Solutions:

  • Even with a server-side NAT solution, SIP ALG can break communication if enabled, making it crucial to disable it.

How to Verify SIP ALG

You can verify if your router is SIP ALG ENABLED by downloading and running our SIP ALG Tester Program:

SIP ALG Tester Download

Mikrotik Disable SIP ALG Procedure

Mikrotik SIP ALG is referred to as a SIP Helper and is located under /IP>Firewall>Service Ports.

Terminal Method:

To disable SIP ALG, run the following command in the terminal:

sh
Copy code
/ip firewall service-port disable sip

Winbox GUI Method:

  1. Navigate to IP > Firewall.
  2. Click on the Service Ports tab.
  3. Locate SIP and disable it through the GUI.

By following these steps, you can disable the SIP ALG feature on your Mikrotik router, which can help resolve issues related to SIP-based VoIP services. If you continue to experience problems, consider using the SIP ALG Tester to verify the changes or contact technical support for further assistance.