How to disable SIP ALG in Prisma Access
Created On 04/27/22 03:06 AM - Last Modified 01/14/23 04:31 AM
Objective
To disable the SIP (Session Initiation Protocol) ALG (Application Level Gateway) in a Prisma Access environment, either to troubleshoot a VoIP (Voice over Internet Protocol) issue or to meet a requirement from the VoIP vendor.
Note: Disabling the SIP ALG on Palo Alto Networks Strata firewalls is documented here
Environment
- Prisma Access managed by Panorama
- Prisma Access Cloud Managed
Procedure
- Create an application override policy in Prisma Access for the SIP ports involved.
- If separate port ranges are needed, create a custom application and a separate application override rule for each range.
- Create separate rules for TCP-based and UDP-based custom applications.
- Disabling the SIP ALG directly on the predefined application is not supported in Prisma Access.
- For more details about the steps for application override, refer to the document below.
Tips & Tricks: How To Create An Application Override.
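An added example, not taken from the original article or from Palo Alto Networks documentation: the procedure above written as Panorama configuration-mode commands for a Panorama-managed deployment. The device group Mobile_User_Device_Group, the zones trust and untrust, the object and rule names, port 5060 and the 203.0.113.10 address are assumptions to replace with your own values. Traffic matched by an application override rule is no longer identified by App-ID or scanned by content inspection, so the rules are scoped to the VoIP provider's address rather than to any destination.

```text
# Lines starting with '#' are annotations for the reader; do not paste them.
# Assumed names: device group, zones, objects, rules. Assumed values: port, IP.

# Address object for the VoIP provider's SIP server (constructed example IP)
set device-group Mobile_User_Device_Group address sip-provider ip-netmask 203.0.113.10/32

# One custom application per transport protocol, with no signatures
set device-group Mobile_User_Device_Group application custom-sip-udp category collaboration subcategory voip-video technology client-server risk 1
set device-group Mobile_User_Device_Group application custom-sip-udp default port udp/5060
set device-group Mobile_User_Device_Group application custom-sip-tcp category collaboration subcategory voip-video technology client-server risk 1
set device-group Mobile_User_Device_Group application custom-sip-tcp default port tcp/5060

# Separate application override rules for UDP and TCP signalling
set device-group Mobile_User_Device_Group pre-rulebase application-override rules sip-udp-override from trust to untrust source any destination sip-provider protocol udp port 5060 application custom-sip-udp
set device-group Mobile_User_Device_Group pre-rulebase application-override rules sip-tcp-override from trust to untrust source any destination sip-provider protocol tcp port 5060 application custom-sip-tcp

# Security policy must allow the custom applications, because the
# overridden sessions no longer match the predefined sip application
set device-group Mobile_User_Device_Group pre-rulebase security rules allow-custom-sip from trust to untrust source any destination sip-provider application [ custom-sip-udp custom-sip-tcp ] service application-default action allow

# Commit to Panorama, then push to Prisma Access from the Panorama UI
commit
```

If the vendor requires additional port ranges, repeat the custom application and override rule pair for each range and protocol, keeping the same narrow destination.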
Additional Information
- There is no functional difference in disabling the SIP ALG between the Strata Next-Generation Firewall and Prisma Access.
- Because Prisma Access uses central management for configuration across multiple locations, modifying individual applications is not efficient, and application override is recommended.