How to disable SIP ALGs on Most Routers
Posted by Chris Popescu on 05 April 2019 04:17 PM
You can verify if your router is SIP ALG ENABLED by downloading and running our SIP ALG TESTER Program
Disable the option SIP Passthrough under Advanced Settings / WAN -> NAT Passthrough. If your router doesn't have this option SIP ALG may be disabled via Telnet.
SIP ALG cannot be disabled. (See above on how to get around this)
Go to Firewall > Firewall Rules > Custom FirewallAccess Rules Click the "Disabled" checkbox next to any rules named LAN-2-INTERNET-SIP and INTERNET-2-LAN-SIP This disables SIP ALG.
Navigate to the web interface Select Configuration Select NAT Select ALG Disable SIP ALG
SIP ALG cannot be disabled in the settings of BT HomeHubs but can be disabled with BT Business Hub versions 3 and higher.
In 'Advanced' settings --> 'Application Level Gateway (ALG) Conguration' un-tick the 'SIP' option.
No ALG function available - Consider using a public STUN server
DrayTek Vigor 2760 devices, the option can be found in the regular interface at Network -> NAT -> ALG. If your device does not have a web interface then you'll need a telnet client. You will be prompted to provide a username and/or password. These are the same credentials used to access the router's web interface. Afterwards, type in these commands:
sys sip_alg 0
On Draytek Vigor2750 and Vigor2130 please use these commands instead:
kmodule_ctl nf_nat_sip disable
Huawei E5330 Navigate to the web interface Click Settings. Enter the required username and password, then click Log In. Note: The default username and password is admin. Click the Security dropdown. Click SIP ALG Settings. Untick the Enable SIP ALG box. Click Apply.
Fortigate: Disabling the SIP ALG in a VoIP prole SIP is enabled by default in a VoIP prole. If you are just using the VoIP prole for SCCP you can use the following command to disable SIP in the VoIP prole.
config voip profile
· The SIP ALG setting is usually found in the Security menu.
· Vodafone / Huawei (HHG2500)
· TalkTalk / Huawei (HG633)
· EE / Huawei (E5330)
Type the following into the CLI To check if currently enabled or disabled run show security alg status | match sip To disable run:
Check for a SIP ALG option in the Administration tab under 'Advanced'. You should also disable the SPI Firewall option.
Disable SIP Helper.
Look for a 'SIP ALG' checkbox in 'WAN' settings. Under 'NAT Filtering' uncheck the option 'SIP ALG' Port Scan and DoS Protection should also be disabled. Disable STUN in VoIP phone's settings.
No ALG feature - Consider using a public STUN server
Under the VoIP tab, the option 'Enable Consistent NAT' should be enabled and 'Enable SIP Transformations' unchecked.
To disable SIP ALG you need to telnet into your Speedtouch router and type the following: -> connection unbind application=SIP port=5060 -> saveall
Depending on the version of Tomato, SIP ALG can be found under Advanced then Conntrack/Netlter in the Tracking/NAT Helpers section. If you nd SIP checked then SIP ALG is enabled. Uncheck it to disable it.
Navigate to your routers web interface. The default username is admin and the default password is admin. On the left, click on Advanced Setup and then click on NAT and then click on ALG. Uncheck the box by SIP Enabled. (Some TP firmware shows this as SIP Transformations which is the same thing). Click Save/Apply.
Go to Advanced > Options. Disable (uncheck) SIP. Disable (uncheck) RTSP. Click Apply.
Use the configuration tree if supported: system -> conntrack -> modules -> sip -> disable
Alternatively, you can SSH into the device and run the following commands:
Under Network or Advanced -> ALG un-tick the options Enable SIP ALG and Enable SIP Transformations. Telnet commands must be used to disable SIP ALG with some other Zyxel routers.
ZyXEL (ZyWALL USG Routers)
Go to Settings > Conjuration > Network > ALG.