How to Disable SIP ALG

How to Disable SIP ALG

234078
Created On 09/25/18 17:19 PM - Last Modified 09/09/22 07:13 AM


Resolution

Overview

The ability to disable SIP ALG (Application Layer Gateway) was introduced in PAN-OS 6.0.

SIP ALG performs NAT on the payload and opens dynamic pinholes for media ports. This may cause issues for some SIP implementations. This document describes how to disable SIP ALG.

Note: The option to disable SIP ALG is available on the Palo Alto Networks firewall and is a device-wide option. This feature is not supported on Panorama.

 

Steps

Inside of the WebGUI

Disabling this feature will prevent the firewall from translating the payload.

  1. Go to Objects > Applications and perform a search for the SIP application, as shown below:
    Screen Shot 2013-12-17 at 08.30.56.png
     
  2. Open the SIP application. The ALG setting can be seen in the Options section at the lower right area of the display.
  3. Click on Customize to bring up the settings dialog and check Disable ALG:
    Screen Shot 2013-11-15 at 13.19.40.png

 

On the CLI

Use the following command to disable the SIP ALG:

> configure
# set shared alg-override application sip alg-disabled yes|no
# commit

 

Note: Not all phone system implementations use the SIP application. In some cases, vendors like Cisco will use applications such as RTP and RTCP. In these cases, if the phones are experiencing issues it might be necessary to perform an application override for the specific phone traffic.

 

For more information seeTips & Tricks: How to Create an Application Override

 

owner: rvanderveken



 Attachments
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClEsCAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language