Add the following:
no ip firewall alg sip
Arris Gateway IP Address: 192.168.0.1
no inspect sip
SIP ALG is located in (via the web interface):
For phones to pick up the change immediately, reboot each of them; otherwise they will pick up the new NAT table with changes during their next registration.
If your router does not have an option to disable SIP Passthrough then read on…
To disable the SIP ALG manually, first enable telnet on the device via the web interface.
Telnet to the device (from a command line, enter “telnet 192.168.1.1” or the appropriate IP address for the device).
Issue the following commands:
nvram get nf_sip
(It should return a "1")
nvram set nf_sip=0
nvram commit
Reboot
Then reboot the router for the changes to take effect.
On Cisco devices, SIP-ALG is referred to as SIP Fixup and is enabled by default on both routers and Pix devices. Because this is a default setting, no indication of it being “on” or “off” is visible in the configuration.
To disable SIP Fixup, issue the following commands:
General Routers
no ip nat service sip tcp port 5060
no ip nat service sip udp port 5060
Enterprise-Class Routers
no ip nat service sip tcp port 5060
no ip nat service sip udp port 5060
Pix Devices
no fixup protocol sip 5060
no fixup protocol sip udp 5060
Models: 800 Series
To disable the NAT services for SIP in IOS, just run these commands:
no ip nat service sip tcp port 5060
no ip nat service sip udp port 5060
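Because the default (enabled) state leaves no trace in the configuration, an audit of a saved config has to treat a missing "no ..." line as "still enabled". The Python check below is an added example, not part of the original page or of any Cisco tool; it assumes the disable commands above appear verbatim in the saved configuration, and both sample configurations are constructed.

```python
import re

# The disable commands given above for IOS routers and for Pix devices.
IOS_RE = re.compile(r"^no ip nat service sip (tcp|udp) port (\d+)$")
PIX_RE = re.compile(r"^no fixup protocol sip (udp )?(\d+)$")

# Constructed sample: only the UDP command was entered on this router.
SAMPLE_IOS = """\
! constructed running-config excerpt
hostname edge-rtr
ip nat inside source list 1 interface Dialer0 overload
 no ip nat service sip udp port 5060
"""

# Constructed sample: both Pix commands are present.
SAMPLE_PIX = """\
no fixup protocol sip 5060
no fixup protocol sip udp 5060
"""

def sip_fixup_disabled(config_text, port=5060):
    """Return the transports ('tcp', 'udp') explicitly disabled on `port`."""
    disabled = set()
    for raw in config_text.splitlines():
        line = " ".join(raw.split())          # normalise indentation/spacing
        if not line or line.startswith("!"):  # skip blanks and IOS comments
            continue
        m = IOS_RE.match(line)
        if m and int(m.group(2)) == port:
            disabled.add(m.group(1))
            continue
        m = PIX_RE.match(line)
        if m and int(m.group(2)) == port:
            # On Pix the form without "udp" refers to TCP.
            disabled.add("udp" if m.group(1) else "tcp")
    return disabled

def audit(config_text, port=5060):
    """SIP Fixup is on by default and not shown in the config, so a
    transport without an explicit 'no ...' line is reported as enabled."""
    off = sip_fixup_disabled(config_text, port)
    return {t: "disabled" if t in off else "enabled (default)"
            for t in ("tcp", "udp")}

if __name__ == "__main__":
    for name, cfg in (("IOS", SAMPLE_IOS), ("Pix", SAMPLE_PIX)):
        print(name, audit(cfg))
```

A result of "enabled (default)" for either transport means the corresponding command still has to be issued on that device.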
For models: Vigor2750, Vigor2130
SIP ALG is enabled by default. If you want to turn it off:
All other models:
Time-To-Live UDP:
On some models the TTL for UDP must be adjusted when the Cloudoe platform is used:
– Express Office / Hosted Basis: 40 seconds
– HIP / Hosted Extra: 100 seconds
Use the telnet command “portmaptime -l” to check the current value for each application.
To change the NAT timeout value, enter the command:
portmaptime -[protocol] [time]
Where [protocol] is a character that represents the application (use the command “portmaptime ?” to check the available options), and [time] is a number of seconds. For example, to set the timeout value of UDP sessions to 5 minutes (300 seconds), use the command:
portmaptime -u 300
After that, you may use the command “portmaptime -l” to check if the current value has changed.
Models: All models come with SIP Helper enabled by default
To disable SIP helper:
~# telnet firewall
config system settings
set sip-helper disable
set sip-nat-trace disable
end
config system session-helper
show    <---- use this to find out which entry is configured for SIP, typically 12 or 13
delete 12
end
Starting from FortiOS 7.0 and up, use:
config system settings
set sip-nat-trace disable
set default-voip-alg-mode kernel-helper-based
end
If you use a VoIP profile in a firewall policy, execute:
config voip profile
edit default
config sip
set rtp disable
end
end
The preferred solution is to configure the SIP ALG. Policies that use the SIP ALG will not use SIP helper. Full documentation is at http://docs.fortinet.com: pick FortiOS for the version on your device, then VoIP solutions: SIP.
Models: SSG Series
To disable SIP ALG:
In the Web interface: Security -> ALG
General Linksys Guidelines
Linksys BEFSR41
Models: WRV200, WRT610N
NAT type: Symmetrical
Issues:
To disable SIP ALG:
ToDo no ALG related options found via web and telnet. No idea of how to disable it.
To disable SIP ALG on WRT610N: in the web interface, go to Administration, Management; under the side heading ‘Advanced Features’, SIP ALG can be disabled.
Models: SBG6580 (SurfBoard Extreme Wireless Cable Modem Gateway)
Models: WGR614v9 Wireless-G Router, DGN2000 Wireless-N ADSL2+ Modem Router
Firmware V1.0.18_8.0.9NA
To disable SIP ALG:
When setting the Global Default UDP timeout value on a SonicWall firewall, you must still fix the pre-existing rules’ individual UDP timeout values. New rules will inherit the Global Default. Increase the UDP timeout to the suggested 300 seconds both globally on the firewall and the specific out-bound firewall rule (or the default rule, as the case may be).
Models: All multi-WAN models
To disable SIP ALG, go to http://<router.LAN.IP>/cgi-bin/MANGA/support.cgi
Click the “Disable” button under “SIP ALG Support”
Issues:
Models: ToDo
NAT type: No symmetrical
Issues:
To disable SIP ALG:
ToDo no ALG related options found via web and telnet. No idea of how to disable it.
The SIP module is turned on by default and provides the following functions for SIP traffic:
Use the following commands.
system system_modules sip load
system system_modules sip unload
Note
The commands are persistent even if the Sophos Firewall is restarted.
See the SIP module status: system system_modules show
If you're using a custom port for SIP communication and you want to load the same port under the Sophos helper module, run the below command:
system system_modules sip load ports <custom_port>
The Sophos Firewall SIP helper doesn't support SIP and SDP messages spanning more than one packet. This can happen when you are using SIP over TCP.
The workaround is to use a SIP UDP control connection because, in UDP, a single SIP message is a single packet.
Models: ST530 v6 (firmware >= 5.4.0.13) comes with SIP ALG enabled by default.
NAT type: symmetrical
Issues:
To disable SIP ALG:
~# telnet router
-> connection unbind application=SIP port=5060
-> saveall
Model: Edgerouter
Note: If you have mixed models of phones like Polycom/Aastra/Cisco/Panasonic, then you may experience difficulty in using ZyXEL ZyWALL routers. However, if you have only Polycom phones, please review this article to learn how to configure ZyXEL ZyWALL routers for use with Polycom phones.
Models: 660 family comes with SIP ALG enabled by default.
NAT type: symmetrical
Issues:
To disable SIP ALG:
~# telnet router
Menu option "24. System Maintenance".
Menu option "8. Command Interpreter Mode".
ip nat service sip active 0