Blog of Cody Deluisio

Tips, tricks, and other

Cody Deluisio

Steps to Disable SIP ALG by Router Manufacturer

1. Actiontec

  • Access Advanced Settings:
    Select “Advanced”, click “Yes” to accept the warning, then click “ALG’s”.
  • Disable SIP ALG:
    Ensure SIP ALG is disabled by removing the checkmark.
  • Apply Settings:
    Click “Apply”.
  • Remote Administration:
    Select “Advanced”, click “Yes” to accept the warning, then click “Remote Administration”.
  • Allow Incoming WAN ICMP Echo Requests:
    Click the checkbox to “Allow Incoming WAN ICMP Echo Requests” (for traceroute and ping), then click “Apply”.

2. Adtran

  • Access ALG Settings:
    Under “Firewall”, go to “Firewall / ACLs”. Click on “ALG Settings”.
  • Disable SIP ALG:
    Uncheck the box labeled “SIP ALG”.
  • Apply Settings:
    Click “Apply”.
  • Terminal Command (Optional):
    If using the terminal, issue the command:
    no ip firewall alg sip

3. Arris

  • Most Arris Broadband Gateways:
  • Access Gateway:
    Navigate to the gateway’s IP (192.168.0.1). Username: admin, Password: motorola.
  • Disable SIP ALG:
    Navigate to “Advanced”, then “Options”. Uncheck the “SIP” box.
  • Apply Settings:
    Click “Apply”.
  • Arris BGW210:
  • Access Gateway:
    Navigate to 192.168.1.254. Authenticate using the password on the unit’s sticker.
  • Advanced Firewall Settings:
    Under “Firewall”, click on “Advanced Firewall”. Turn off the “Set SIP ALG”, “Authentication Header Forwarding”, and “ESP Header Forwarding”.
  • Save Settings:
    Click “Save”.

4. Asus

  • Access WAN Settings:
    Under the “Advanced Settings” section, click “WAN”.
  • Disable SIP Passthrough:
    Click the “NAT Passthrough” tab and set “SIP Passthrough” to “Disable”.
  • Apply Settings:
    Click “Apply”.

5. AT&T

  • U-Verse Pace 5268AC Gateway:
    This gateway does not support disabling SIP ALG. It is recommended to configure the gateway in Bridge Mode (modem only) and use another router that supports disabling SIP ALG.

6. Cisco

  • Cisco General and Enterprise-Class Routers:
    Enter the following commands:
  no ip nat service sip tcp port 5060
  no ip nat service sip udp port 5060
  • Cisco PIX Routers:
    Enter the following commands:
  no fixup protocol sip 5060
  no fixup protocol sip udp 5060
  • Cisco ASA Routers:
    Locate ‘Class inspection_default’ under ‘Policy-map global_policy’ and enter:
  no inspect sip
  • General D-Link Routers:
  • Access ALG Configuration:
    Click on “Advanced Settings”. Locate the “Application Level Gateway (ALG) Configuration”.
  • Disable SIP ALG:
    Uncheck the “SIP” option.
  • Save Settings:
    Click “Save”.
  • DIR-655:
  • Access Firewall Settings:
    Click “Advanced” at the top, then “Firewall Settings” on the left.
  • Disable SIP ALG:
    Uncheck “Enable SPI”, set both “UDP” and “TCP Endpoint Filtering” to “Endpoint Independent”, and uncheck “SIP” from the Application Level Gateway Configuration.
  • Save Settings:
    Click “Save”.

8. Fortinet

  • CLI Commands:
    Enter the following commands:
  config system session-helper
  show system session-helper
  • Find and Delete SIP Session:
    Locate the SIP session instance (typically #12) and delete it.
    bash delete 12 show system session-helper

9. Linksys

  • Linksys Smart Wi-Fi (E-series):
  • Access Connectivity Settings:
    On the left side, click on “Connectivity”. Click the “Administration” tab.
  • Disable SIP ALG:
    Under “Application Layer Gateway”, verify “SIP” is unchecked.
  • Apply or Save:
    Click “Apply” or “Save”.
  • Older Linksys Models:
  • Access Advanced Settings:
    Go to the “Advanced” section on the Admin page and disable the “SIP ALG” feature.
  • Linksys BEFSR41:
  • Port Triggering:
    Click on “Applications and Gaming” on the Admin page, then “Port Triggering”.
    • Type in TCP as the application and 5060 in both the “Start Port” and “End Port” for the “Triggering Range” and “Forwarded Range” fields.
    • Check “Enable”, then click “Save” and reboot the router.

10. Mikrotik

  • Winbox Software:
  • Disable SIP ALG:
    Navigate to “IP”, then “Firewall”. Click on the “Service Ports” tab and disable SIP Helper.
  • Terminal Command:
  • Run the following command:
    bash /ip firewall service-port disable sip

11. Netgear

  • Netgear Routers with Genie Interface:
  • Access WAN Setup:
    Select the “Advanced” tab at the top, expand the “Setup” menu on the left, and click “WAN Setup”.
  • Disable SIP ALG:
    Check the box labeled “Disable SIP ALG”.
  • Other Netgear Routers:
  • Access Security/Firewall Settings:
    Click on “Advanced Settings” under “Security/Firewall”. Disable “SIP ALG” and locate “Session Limit”.
  • Increase UDP Timeout:
    Set the UDP timeout to 300 seconds.

12. SonicWall

  • VoIP Settings:
  • Enable Consistent NAT:
    Under “System Setup” on the left, click on “VoIP”, then check “Enable Consistent NAT” and uncheck “Enable SIP Transformations”.
  • Apply Settings:
    Click “Accept”.
  • Increase UDP Timeouts:
  • Navigate to Flood Protection:
    Go to “Firewall Settings”, then “Flood Protection”, click on the UDP tab and modify the default UDP connection timeout to 300 seconds.
  • Save Settings:
    Click the “Accept” button.
  • Newer TP-Link Routers (Archer series):
  • Disable SIP ALG:
    Click on the “Advanced” tab, expand the “NAT Forwarding” menu, and uncheck “SIP ALG”, “RTSP ALG”, and “H323 ALG”.
  • Save Settings:
    Click “Save”.
  • Older TP-Link Routers:
  • Terminal Command:
    • Use the Telnet client from the Command Prompt and apply the command:
      bash ip nat service sip sw off

14. UBEE

  • Disable SIP and RTSP:
  • Access Advanced Settings:
    Go to “Advanced”, then “Options”.
  • Uncheck SIP and RTSP:
    Uncheck the “SIP” and the “RTSP” checkboxes.
  • Apply Settings:
    Click “Apply”.

15. Ubiquiti

  • UniFi Security Gateway:
  • Access Firewall Settings:
    Sign in, click on “Routing & Firewall” on the left, then “Firewall” at the top, and click “Settings”. Toggle “H.323” and “SIP” to off.
  • Apply Changes:
    Click “Apply Changes”.
  • EdgeRouters (ER-x):
  • Config Tree:
    • Access the administrative interface, typically at 192.168.1.1.
    • Use the “Config Tree” or a CLI to disable SIP ALG.
    • Select “Config Tree”, expand “system”, “conntrack”, “modules”, and “sip”. Click the plus sign next to “disable”. Preview and apply changes.
  • Command Line Interface:
    • From the CLI, enter the following commands:
      bash configure set system conntrack modules sip disable set system conntrack timeout udp stream 300 set system conntrack timeout udp other 300 commit save exit

16. Verizon FiOS

  • G1100 Gateway:
    This gateway does not support disabling SIP ALG. It is recommended to configure the gateway in Bridge Mode and use another router that supports disabling SIP ALG.

17. ZyXEL

  • ZyWALL/USG60:
  • Access ALG Settings:
    Click on “Configuration”, expand

Categories:

Tags:

, ,

About The Author:

Cody Deluisio is a dedicated network engineer specializing in hotel PBX systems and network solutions, with expertise in UniFi, Aruba, Ruckus, and a variety of other technologies. Outside of his tech career, Cody runs an organic farm in Bell Township, PA, where he focuses on sustainable and regenerative farming practices. Balancing the fast-paced world of networking with the tranquility of farm life, Cody brings a unique perspective to both his professional and personal endeavors.