SIP ALG Explained - Technical
Many of today's commercial routers implement SIP ALG (Application-level gateway) by default. While ALG can help resolve NAT-related problems, many routers' ALG implementations are brand-specific, often incorrect, and can break SIP communication.
Verify SIP ALG
You can verify if your router has SIP ALG enabled by downloading and running our SIP ALG Tester Program:
Router-Specific Instructions to Disable SIP ALG
Asus Routers:
- Disable SIP Passthrough under Advanced Settings / WAN -> NAT Passthrough. If your router doesn't have this option, SIP ALG may be disabled via Telnet.
AVM Fritz!Box:
- SIP ALG cannot be disabled.
Barracuda Firewalls:
- Go to Firewall > Firewall Rules > Custom Firewall Access Rules and disable the rules named LAN-2-INTERNET-SIP and INTERNET-2-LAN-SIP.
Billion:
- Navigate to the web interface: Configuration > NAT > ALG and disable SIP ALG.
BT Homehubs:
- SIP ALG cannot be disabled in the settings of BT HomeHubs but can be disabled with BT Business Hub versions 3 and higher.
D-Link:
- In Advanced settings > Application Level Gateway (ALG) Configuration, untick the SIP option.
DD-WRT:
- No ALG function available. Consider using a public STUN server.
DrayTek:
- DrayTek Vigor 2760: Network > NAT > ALG.
- Telnet commands for other devices:sqlCopy code
sys sip_alg 0 sys commit - For Draytek Vigor2750 and Vigor2130:bashCopy code
kmodule_ctl nf_nat_sip disable kmodule_ctl nf_conntrack_sip disable
- Telnet commands for other devices:
EE (Huawei E5330):
- Navigate to Settings > Security > SIP ALG Settings, untick Enable SIP ALG, and click Apply.
Fortinet:
- Fortigate: Disable SIP ALG in a VoIP Profile using:arduinoCopy code
config voip profile edit VoIP_Pro_2 config sip set status disable end
Huawei:
- The SIP ALG setting is usually found in the Security menu.
Juniper:
- To check status:
show security alg status | match sip - To disable:bashCopy code
configure set security alg sip disable commit
Linksys:
- Check for a SIP ALG option in the Administration tab under Advanced. Disable the SPI Firewall option as well.
Mikrotik:
- Disable SIP Helper with:bashCopy code
/ip firewall service-port disable sip
Netgear:
- Look for a SIP ALG checkbox in WAN settings. Under NAT Filtering, uncheck the option SIP ALG. Also, disable Port Scan and DoS Protection.
OpenWRT:
- No ALG feature available. Consider using a public STUN server.
SonicWALL Firewall:
- Under the VoIP tab, enable Consistent NAT and uncheck Enable SIP Transformations.
Speedtouch:
- Telnet commands:Copy code
connection unbind application=SIP port=5060 saveall
Tomato:
- Depending on the version, SIP ALG can be found under Advanced -> Conntrack/Netfilter. Uncheck it to disable SIP ALG.
TP-Link:
- Navigate to the web interface: Advanced Setup > NAT > ALG. Uncheck SIP Enabled (or SIP Transformations), and click Save/Apply.
UBEE Gateways:
- Go to Advanced > Options. Disable (uncheck) SIP and RTSP, and click Apply.
Ubiquiti:
- Configuration tree: system -> conntrack -> modules -> sip -> disable
- Or SSH into the device:bashCopy code
configure set system conntrack modules sip disable commit save exit
ZyXEL:
- Under Network or Advanced -> ALG, un-tick Enable SIP ALG and Enable SIP Transformations. For some routers, use telnet commands:Copy code
ip nat service sip active ip nat service sip active 0
ZyXEL (ZyWALL USG Routers):
- Go to Settings > Configuration > Network > ALG. Disable SIP ALG, enable SIP Transformations, and configure SIP Inactivity Timeout.
By following these instructions, you can disable SIP ALG on various routers, which can help resolve issues related to SIP-based VoIP services. If you continue to experience problems, consider using the SIP ALG Tester to verify the changes or contact technical support for further assistance.