SIP ALG Explained - Technical
Many of today's commercial routers implement SIP ALG (Application-level gateway) by default. While ALG can help resolve NAT-related problems, many routers' ALG implementations are brand-specific, often incorrect, and can break SIP communication.
Verify SIP ALG
You can verify if your router has SIP ALG enabled by downloading and running our SIP ALG Tester Program:
Router-Specific Instructions to Disable SIP ALG
Asus Routers: Disable SIP Passthrough under Advanced Settings / WAN -> NAT Passthrough. If your router doesn't have this option, SIP ALG may be disabled via Telnet.
AVM Fritz!Box: SIP ALG cannot be disabled.
Barracuda Firewalls: Go to Firewall -> Firewall Rules -> Custom Firewall Access Rules and disable the rules named LAN-2-INTERNET-SIP and INTERNET-2-LAN-SIP.
Billion: Navigate to the web interface: Configuration -> NAT -> ALG and disable SIP ALG.
BT Homehubs: SIP ALG cannot be disabled in the settings of BT HomeHubs but can be disabled with BT Business Hub versions 3 and higher.
D-Link: In Advanced settings -> Application Level Gateway (ALG) Configuration, untick the SIP option.
DD-WRT: No ALG function available. Consider using a public STUN server.
DrayTek: DrayTek Vigor 2760: Network -> NAT -> ALG.
Telnet commands for other devices:
sys sip_alg 0; sys commitkmodule_ctl nf_nat_sip disable; kmodule_ctl nf_conntrack_sip disableEE (Huawei E5330): Navigate to Settings -> Security -> SIP ALG Settings, untick Enable SIP ALG, and click Apply.
Fortinet: Fortigate: Disable SIP ALG in a VoIP Profile using:
config voip profile; edit VoIP_Pro_2; config sip; set status disable; endHuawei: The SIP ALG setting is usually found in the Security menu.
Juniper: To check status: show security alg status | match sip. To disable:
configure; set security alg sip disable; commitLinksys: Check for a SIP ALG option in the Administration tab under Advanced. Disable the SPI Firewall option as well.
Mikrotik: Disable SIP Helper with:
/ip firewall service-port disable sipNetgear: Look for a SIP ALG checkbox in WAN settings. Under NAT Filtering, uncheck the option SIP ALG. Also, disable Port Scan and DoS Protection.
OpenWRT: No ALG feature available. Consider using a public STUN server.
SonicWALL Firewall: Under the VoIP tab, enable Consistent NAT and uncheck Enable SIP Transformations.
Speedtouch: Telnet commands:
connection unbind application=SIP port=5060; saveallTomato: Depending on the version, SIP ALG can be found under Advanced -> Conntrack/Netfilter. Uncheck it to disable SIP ALG.
TP-Link: Navigate to the web interface: Advanced Setup -> NAT -> ALG. Uncheck SIP Enabled (or SIP Transformations), and click Save/Apply.
UBEE Gateways: Go to Advanced -> Options. Disable (uncheck) SIP and RTSP, and click Apply.
Ubiquiti: Configuration tree: system -> conntrack -> modules -> sip -> disable. Or SSH into the device:
configure; set system conntrack modules sip disable; commit; save; exitZyXEL: Under Network or Advanced -> ALG, un-tick Enable SIP ALG and Enable SIP Transformations. For some routers, use telnet commands:
ip nat service sip active 0ZyXEL (ZyWALL USG Routers): Go to Settings -> Configuration -> Network -> ALG. Disable SIP ALG, enable SIP Transformations, and configure SIP Inactivity Timeout.
By following these instructions, you can disable SIP ALG on various routers, which can help resolve issues related to SIP-based VoIP services. If you continue to experience problems, consider using the SIP ALG Tester to verify the changes or contact technical support for further assistance.