Knowledgebase
How to disable SIP ALGs on Most Routers
Posted by Chris P. on 30 August 2023 02:35 PM

You can verify if your router is SIP ALG ENABLED by downloading and running our SIP ALG TESTER Program

SIP ALG Tester Download

 

Asus Routers

Disable the option SIP Passthrough under Advanced Settings / WAN -> NAT Passthrough. If your router doesn't have this option SIP ALG may be disabled via Telnet.

AVM Fritz!Box

SIP ALG cannot be disabled. (See above on how to get around this)

Barracuda Firewalls

Go to Firewall > Firewall Rules > Custom FirewallAccess Rules Click the "Disabled" checkbox next to any rules named LAN-2-INTERNET-SIP and INTERNET-2-LAN-SIP This disables SIP ALG.

Billion

Navigate to the web interface Select Configuration Select NAT Select ALG Disable SIP ALG

BT (Homehubs)

SIP ALG cannot be disabled in the settings of BT HomeHubs but can be disabled with BT Business Hub versions 3 and higher.

D-Link

In 'Advanced' settings --> 'Application Level Gateway (ALG) Conguration' un-tick the 'SIP' option.

DD-WRT

No ALG function available - Consider using a public STUN server

DrayTek

DrayTek Vigor 2760 devices, the option can be found in the regular interface at Network -> NAT -> ALG. If your device does not have a web interface then you'll need a telnet client. You will be prompted to provide a username and/or password. These are the same credentials used to access the router's web interface. Afterwards, type in these commands:

sys sip_alg 0
sys commit

On Draytek Vigor2750 and Vigor2130 please use these commands instead:

kmodule_ctl nf_nat_sip disable
kmodule_ctl nf_conntrack_sip disable

EE

Huawei E5330 Navigate to the web interface Click Settings. Enter the required username and password, then click Log In.  Note: The default username and password is admin. Click the Security dropdown. Click SIP ALG Settings. Untick the Enable SIP ALG box. Click Apply.

Fortinet

Fortigate: SIP ALG in a VoIP Profile SIP is enabled by default. If you are just using the VoIP Profile for SCCP you can use the following command to disable SIP ALG in the VOIP Profile.

config voip profile
edit VoIP_Pro_2
config sip
set status disable
end

Huawei

·         The SIP ALG setting is usually found in the Security menu.

·         Vodafone / Huawei (HHG2500)

·         TalkTalk / Huawei (HG633) 

·         EE / Huawei (E5330)

Juniper

Type the following into the CLI To check if currently enabled or disabled run show security alg status | match sip To disable run:

configure
set security alg sip disable
commit

Linksys:

Check for a SIP ALG option in the Administration tab under 'Advanced'. You should also disable the SPI Firewall option.

Mikrotik

Disable SIP Helper.

Netgear

Look for a 'SIP ALG' checkbox in 'WAN' settings. Under 'NAT Filtering' uncheck the option 'SIP ALG' Port Scan and DoS Protection should also be disabled. Disable STUN in VoIP phone's settings.

openwrt

No ALG feature - Consider using a public STUN server

SonicWALL Firewall

Under the VoIP tab, the option 'Enable Consistent NAT' should be enabled and 'Enable SIP Transformations' unchecked.

Speedtouch

To disable SIP ALG you need to telnet into your Speedtouch router and type the following: -> connection unbind application=SIP port=5060 -> saveall

Tomato

Depending on the version of Tomato, SIP ALG can be found under Advanced then Conntrack/Netlter in the Tracking/NAT Helpers section. If you nd SIP checked then SIP ALG is enabled. Uncheck it to disable it.

TP-Link

Navigate to your routers web interface. The default username is admin and the default password is admin. On the left, click on Advanced Setup and then click on NAT and then click on ALG. Uncheck the box by SIP Enabled. (Some TP firmware shows this as SIP Transformations which is the same thing). Click Save/Apply.

UBEE Gateways

Go to Advanced > Options. Disable (uncheck) SIP. Disable (uncheck) RTSP. Click Apply.

Ubiquiti

Use the configuration tree if supported: system -> conntrack -> modules -> sip -> disable

Alternatively, you can SSH into the device and run the following commands:

configure
set system conntrack modules sip disable
commit
save
exit

ZyXEL

Under Network or Advanced -> ALG un-tick the options Enable SIP ALG and Enable SIP Transformations. Telnet commands must be used to disable SIP ALG with some other Zyxel routers.
Telnet into the router.
Select menu items 24 then 8.
To display the current SIP ALG status run the following command:
ip nat service sip active
To turn off SIP ALG:
ip nat service sip active 0

ZyXEL (ZyWALL USG Routers)

Go to Settings > Conjuration > Network > ALG.
Disable SIP ALG.
Turn ON Enable SIP Transformations.
Turn OFF Enable
Configure SIP Inactivity Timeout.