How to disable SIP ALGs on Most Routers
Posted by Chris Popescu on 05 April 2019 04:17 PM

You can verify if your router is SIP ALG ENABLED by downloading and running our SIP ALG TESTER Program

SIP ALG Tester Download


Asus Routers

Disable the option SIP Passthrough under Advanced Settings / WAN -> NAT Passthrough. If your router doesn't have this option SIP ALG may be disabled via Telnet.

AVM Fritz!Box

SIP ALG cannot be disabled. (See above on how to get around this)

Barracuda Firewalls

Go to Firewall > Firewall Rules > Custom FirewallAccess Rules Click the "Disabled" checkbox next to any rules named LAN-2-INTERNET-SIP and INTERNET-2-LAN-SIP This disables SIP ALG.


Navigate to the web interface Select Configuration Select NAT Select ALG Disable SIP ALG

BT (Homehubs)

SIP ALG cannot be disabled in the settings of BT HomeHubs but can be disabled with BT Business Hub versions 3 and higher.


In 'Advanced' settings --> 'Application Level Gateway (ALG) Conguration' un-tick the 'SIP' option.


No ALG function available - Consider using a public STUN server


DrayTek Vigor 2760 devices, the option can be found in the regular interface at Network -> NAT -> ALG. If your device does not have a web interface then you'll need a telnet client. You will be prompted to provide a username and/or password. These are the same credentials used to access the router's web interface. Afterwards, type in these commands:

sys sip_alg 0
sys commit

On Draytek Vigor2750 and Vigor2130 please use these commands instead:

kmodule_ctl nf_nat_sip disable
kmodule_ctl nf_conntrack_sip disable


Huawei E5330 Navigate to the web interface Click Settings. Enter the required username and password, then click Log In.  Note: The default username and password is admin. Click the Security dropdown. Click SIP ALG Settings. Untick the Enable SIP ALG box. Click Apply.


Fortigate: Disabling the SIP ALG in a VoIP prole SIP is enabled by default in a VoIP prole. If you are just using the VoIP prole for SCCP you can use the following command to disable SIP in the VoIP prole.

config voip profile
edit VoIP_Pro_2
config sip
set status disable


·         The SIP ALG setting is usually found in the Security menu.

·         Vodafone / Huawei (HHG2500)

·         TalkTalk / Huawei (HG633) 

·         EE / Huawei (E5330)


Type the following into the CLI To check if currently enabled or disabled run show security alg status | match sip To disable run:

set security alg sip disable


Check for a SIP ALG option in the Administration tab under 'Advanced'. You should also disable the SPI Firewall option.


Disable SIP Helper.


Look for a 'SIP ALG' checkbox in 'WAN' settings. Under 'NAT Filtering' uncheck the option 'SIP ALG' Port Scan and DoS Protection should also be disabled. Disable STUN in VoIP phone's settings.


No ALG feature - Consider using a public STUN server

SonicWALL Firewall

Under the VoIP tab, the option 'Enable Consistent NAT' should be enabled and 'Enable SIP Transformations' unchecked.


To disable SIP ALG you need to telnet into your Speedtouch router and type the following: -> connection unbind application=SIP port=5060 -> saveall


Depending on the version of Tomato, SIP ALG can be found under Advanced then Conntrack/Netlter in the Tracking/NAT Helpers section. If you nd SIP checked then SIP ALG is enabled. Uncheck it to disable it.


Navigate to your routers web interface. The default username is admin and the default password is admin. On the left, click on Advanced Setup and then click on NAT and then click on ALG. Uncheck the box by SIP Enabled. (Some TP firmware shows this as SIP Transformations which is the same thing). Click Save/Apply.

UBEE Gateways

Go to Advanced > Options. Disable (uncheck) SIP. Disable (uncheck) RTSP. Click Apply.


Use the configuration tree if supported: system -> conntrack -> modules -> sip -> disable

Alternatively, you can SSH into the device and run the following commands:

set system conntrack modules sip disable


Under Network or Advanced -> ALG un-tick the options Enable SIP ALG and Enable SIP Transformations. Telnet commands must be used to disable SIP ALG with some other Zyxel routers.
Telnet into the router.
Select menu items 24 then 8.
To display the current SIP ALG status run the following command:
ip nat service sip active
To turn off SIP ALG:
ip nat service sip active 0

ZyXEL (ZyWALL USG Routers)

Go to Settings > Conjuration > Network > ALG.
Disable SIP ALG.
Turn ON Enable SIP Transformations.
Turn OFF Enable
Configure SIP Inactivity Timeout.