disable SIP application level-gateway in firewall

Newbie164266 Lv1 Posted 18 Sep 2023 13:59

Hi all. Does anyone know how to disable the SIP application-level gateway in the firewall? Thanks in advance.

Newbie517762 Lv4 Posted 18 Sep 2023 14:19

On the Troubleshooting page, you can search by which module the data packet is rejected when passing through the gateway and why it is rejected, to locate the configuration error quickly or to test whether some rules take effect, including precise traffic analysis, global passthrough and analysis, and L2 packet passthrough.

Please find the attached file for details.
NGAF troubleshooting.pdf (1.03 MB, Downloads: 27)

Farina Ahmed Lv4 Posted 25 Sep 2023 13:13
Last edited by Farina Ahmed 25 Sep 2023 13:14.

Stateful Inspection Proxy (SIP) Application Layer Gateway (ALG) is a feature in some firewalls and routers that helps manage and translate SIP traffic for VoIP (Voice over IP) applications. However, in some cases, you might want to disable SIP ALG if it's causing issues or conflicts with your VoIP service. Here's how you can disable SIP ALG on various types of firewalls and routers:

1. Log into your Firewall or Router:
You'll need access to your firewall or router's web interface or command-line interface. Typically, you access this by entering the device's IP address in a web browser.

2. Find the SIP ALG Setting:
The location of the SIP ALG setting varies depending on your device's manufacturer and model. Look for a "SIP ALG" or "SIP Helper" option in your firewall/router settings.

3. Disable SIP ALG:
Once you've located the SIP ALG setting, disable it. This usually involves clicking a checkbox or selecting "disable" or "off." Make sure to save your changes.

4. Reboot Your Firewall/Router (Optional):
Some devices require a reboot for changes to take effect. If you're experiencing issues even after disabling SIP ALG, try rebooting your firewall/router.

Here are some specific instructions for common firewall/router brands:

For Cisco ASA:
To disable SIP ALG on a Cisco ASA firewall, you can use the following commands in the CLI:

configure terminal
policy-map global_policy
 class inspection_default
  no inspect sip
end
write memory

For Juniper SRX:
To disable SIP ALG on a Juniper SRX firewall, you can use the following commands in the CLI:

set security alg sip disable

For Check Point Firewall:
To disable SIP ALG on a Check Point firewall, you can use the following commands in the CLI:

set sip_alg off
save config

For Netgear Routers:
The option to disable SIP ALG can usually be found under "Advanced" or "WAN Setup" in the router's web interface.

For Linksys Routers:
The option to disable SIP ALG can usually be found under "Administration" or "Applications & Gaming" in the router's web interface.

Remember that the specific steps may vary depending on your firewall/router model and firmware version. Always consult your device's documentation or manufacturer's website for the most accurate and up-to-date instructions.

After disabling SIP ALG, test your VoIP service to ensure it's functioning correctly. Disabling SIP ALG should resolve issues related to SIP traffic interference, but it's essential to monitor your network for any changes in performance or functionality.

MTR Lv2 Posted 26 Sep 2023 00:09

1. Access Router/Firewall Settings:
Open a web browser and enter the IP address of your router/firewall. This is usually something like or You can find this information in your router's manual or on a sticker on the device itself.

2. Log in:
Enter your username and password. If you haven't changed these, they are usually the default credentials provided by the manufacturer. Again, you can find these in your router's manual or on the device.

3. Find SIP ALG Setting:
The location of the SIP ALG setting can vary depending on the make and model of your router/firewall. Look for options related to "SIP ALG," "SIP Passthrough," or anything related to SIP.

4. Disable SIP ALG:
Once you've found the SIP ALG setting, you should see an option to enable or disable it. Select "disable" or uncheck the box if it's a checkbox.

5. Save Changes:
After disabling SIP ALG, be sure to save your changes. There's usually a "Save" or "Apply" button at the bottom of the settings page.

6. Reboot Router/Firewall:
It's a good practice to restart your router/firewall after making any changes to ensure the settings take effect.

Remember, the exact steps can vary depending on the make and model of your router/firewall. If you're having trouble finding the SIP ALG setting, consult your router's manual or visit the manufacturer's website for specific instructions.

JunaidKhan Lv1 Posted 26 Sep 2023 14:05
Last edited by JunaidKhan 26 Sep 2023 14:09.

The Palo Alto Networks firewall uses the Session Initiation Protocol (SIP) application-level gateway (ALG) to open dynamic pinholes in the firewall where NAT is enabled. However, some applications—such as VoIP—have NAT intelligence embedded in the client application. In these cases, the SIP ALG on the firewall can interfere with the signaling sessions and cause the client application to stop working.

One solution to this problem is to define an Application Override Policy for SIP, but using this approach disables the App-ID and threat detection functionality. A better approach is to disable the SIP ALG, which does not disable App-ID or threat detection.

The following procedure describes how to disable the SIP ALG.
1. STEP 1 – Select > Application.
2. STEP 2 – Select the sip application. You can type sip in the Search box to help find the sip application.
3. STEP 3 – Select Customize… for ALG in the Options section of the Application dialog box.
4. STEP 4 – Select the Disable ALG check box in the Application - sip dialog box and click OK.
5. STEP 5 – Close the Application dialog box and Commit the change.

mdamores Lv1 Posted 26 Sep 2023 15:09
To disable SIP ALG on a Sangfor firewall, please refer to the steps below:
1. Access Firewall Web or Command Line Interface
   - You can access your firewall through the Web interface or the Command Line Interface (CLI) via SSH or console connection
2. Log in using your Admin credentials
3. Go to SIP ALG settings
   - In the Web GUI, you may navigate to the firewall or NAT settings and find the section related to Application Layer Gateway (ALG)
   - In the CLI, enter the appropriate CLI command to access the ALG settings
4. Disabling SIP ALG
   - Web GUI – look for the SIP ALG option and disable it. Depending on the model, either uncheck or select the disable option
   - CLI – enter the appropriate command to disable SIP ALG settings
5. Save to apply the changes after disabling SIP ALG. In some cases, a system reboot is required in order for the changes to take effect.

Zonger Lv3 Posted 26 Sep 2023 19:07
To disable SIP (Session Initiation Protocol) application level-gateway in a firewall, you will typically need access to the firewall configuration. The steps to disable SIP ALG (Application Level Gateway) can vary depending on the firewall device and its software version.

1. Access the firewall configuration: Log in to the firewall's management interface using a web browser or SSH (Secure Shell) client, depending on the firewall model and configuration.

2. Locate the SIP ALG settings: Look for a section or menu specifically related to application-level gateways or SIP settings. This may be labeled as "SIP ALG," "SIP Inspection," or similar.

3. Disable or turn off SIP ALG: Once you've found the appropriate settings, there should be an option to enable or disable SIP ALG. Choose the option to disable it.

4. Apply the changes: Save the changes made to the SIP ALG settings and apply them to the firewall configuration.

5. Reboot or restart the firewall: Some firewalls may require a reboot or restart for the changes to take effect. Check the documentation or contact the firewall vendor if necessary.

6. Test the configuration: After disabling SIP ALG, it is important to test your SIP applications and ensure they are functioning correctly without any interference from the firewall.
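
Added example (not part of any post above, and not vendor tooling): one way to carry out the "test the configuration" step is to compare a SIP message as the phone sent it with the copy captured on the far side of the firewall. With the ALG off, NAT changes only the IP/UDP headers, so the SIP payload should arrive unchanged. The addresses, both messages, and the function names `nat_fields` and `alg_rewrites` are constructed for illustration.

```python
import re

# Constructed sample: an INVITE as the phone sends it from a private address,
# trimmed to the headers that matter here.
SENT = "\r\n".join([
    "INVITE sip:bob@example.com SIP/2.0",
    "Via: SIP/2.0/UDP 192.168.1.50:5060;branch=z9hG4bK776asdhds;rport",
    "Call-ID: a84b4c76e66710@192.168.1.50",
    "Contact: <sip:alice@192.168.1.50:5060>",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=alice 2890844526 2890844526 IN IP4 192.168.1.50",
    "s=-",
    "c=IN IP4 192.168.1.50",
    "t=0 0",
    "m=audio 49170 RTP/AVP 0",
    "",
])
# Constructed: the same message after a SIP ALG rewrote it
# (203.0.113.7 stands in for the firewall's WAN address).
RECEIVED_ALG_ON = (SENT.replace("192.168.1.50:5060", "203.0.113.7:1024")
                   .replace("c=IN IP4 192.168.1.50", "c=IN IP4 203.0.113.7")
                   .replace("m=audio 49170", "m=audio 20000"))

def nat_fields(raw):
    """Extract the address-bearing SIP/SDP fields an ALG typically rewrites."""
    head, _, body = raw.partition("\r\n\r\n")
    fields = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        name = name.strip().lower()
        if name == "via" and "via" not in fields:
            fields["via"] = value.split()[1].split(";")[0]  # topmost sent-by
        elif name == "contact":
            m = re.search(r"sips?:(?:[^@>\s]*@)?([^;>\s]+)", value)
            if m:
                fields["contact"] = m.group(1)
    for line in body.split("\r\n"):
        if line.startswith("c=") and "sdp_c" not in fields:
            fields["sdp_c"] = line.split()[-1]
        elif line.startswith("m=audio"):
            fields["sdp_audio_port"] = line.split()[1]
    return fields

def alg_rewrites(sent, received):
    """Map each field that changed in transit to (sent value, received value)."""
    a, b = nat_fields(sent), nat_fields(received)
    return {k: (a[k], b.get(k)) for k in a if a[k] != b.get(k)}
```

Feed it the text of the same request taken from packet captures on the LAN side and the WAN side of the firewall; an empty result means the payload was not rewritten in transit.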

jerome_itable Lv1 Posted 27 Sep 2023 08:06
To disable SIP application level-gateway (ALG) in Sangfor firewall, follow these steps:

    Log in to the web interface of your Sangfor firewall.
    Go to Security > Application Control > ALG.
    In the SIP ALG section, uncheck the Enable SIP ALG checkbox.
    Click Save to apply the changes.

Note: If you are using Sangfor NGAF, you can also disable SIP ALG from the Firewall > ALG page.

Disabling SIP ALG may be necessary if you are experiencing problems with your VoIP service, such as one-way audio or call failures. However, it is important to note that disabling SIP ALG may also reduce the security of your VoIP network. Therefore, it is important to only disable SIP ALG if you are sure that it is necessary.

RegiBoy Lv5 Posted 28 Sep 2023 15:11
Log in to the administration interface of the firewall.
Look for a section related to security, firewall, or NAT.
Look for an option related to SIP ALG or Application Layer Gateway.
Uncheck the box or toggle the switch to disable SIP ALG.
Apply the changes.

MISMIS Lv3 Posted 28 Sep 2023 15:15
The IP address of your router or firewall should be entered in the web browser. Typically, this would be a number like or This information can be found on a sticker on your router or in the user manual.

Specify your login information. These are typically the factory-provided default credentials if you haven't changed them. Once more, you may find these in the user manual or on the router itself.
