What is SIP ALG?
SIP

What is SIP ALG?

SIP ALG is an Application Layer Gateway intended to provide protection to private IP addresses on a NAT'd (Network Address Translated) network. It's a "feature" that runs on a firewall and/or router. All good firewalls allow this "feature" to be turned off in their settings and good business-grade routers like the Draytek series have it disabled by default.

In many cases, it is poorly implemented and actually causes more problems than it solves. Yay and other VoIP providers regularly find that the SIP ALG modifies SIP packets in unexpected ways, corrupting them and making them unreadable. The symptoms of SIP ALG are:

  • Hardware Phones and Softphones not registering with our platform at all.
  • Hardware Phones and Softphones look like they are registered but are unable to receive call control data in or out to make your phone ring or transfer between callers.
  • One way audio, created by SIP ALG stopping our data from reaching your network.

SIP ALG doesn't always show its colours straight away. Algorithms on firewalls will often be deciding at which point SIP ALG is to inspect your traffic, it could be on your first VoIP calls, it could be following a certain set pattern of traffic.

We regularly see particularly poor implementations on the giveaway routers that come with broadband connections and we would always recommend replacing them with a proper business-grade router like the Draytek series to eradicate the problem altogether. On the same giveaway routers, we sometimes even see SIP ALG continue to interfere with traffic despite being set to "off" on a router; the router clearly ignoring the instruction it's been given.

Disabling SIP ALG To see if your router/firewall may be affected by SIP ALG, simply "Google" the make and model of your router/firewall followed by the words SIP ALG. Remember VoIP uses standard protocols, so we can assure you if it's a problem for you and Yay, it will be a problem for many others. There will be plenty of commentary on whether it can be disabled and if so what the steps are to do it. If you are able to disable SIP ALG, make sure you reboot the router immediately following its removal and then reboot each hardware phone/softphone on your network too. That's vital so you can be sure both SIP ALG has been disabled, but also that your devices have a fresh connection to our platform; so we know the correct way to reach you on your network. When doing this we would also suggest disabling 'Conntrack SIP ALG' if your router has it and this setting can often be found in the same place as SIP ALG.

Anything else I can try Some of our users have had some success combatting SIP ALG on some routers by encrypting both their SIP (Activating TLS) and RTP traffic (activating SRTP) on their devices. Not all hardware phones and softphones permit TLS or SRTP, but you could try looking for these settings on your phones and activating them on both your phone and in the Yay dashboard. It's easy to introduce more problems than you solve by doing this, so be sure to read this FAQ on encryptionVERY carefully first.

Video: Find out about SIP ALG on your broadband router

View this video to learn more about SIP ALG and why you should consider disabling it on your router to improve phone call performance.

 

If you need any further help today, please don't hesitate to contact our friendly support team on 0330 122 6000 or by email!

Did you find this helpful?

New to Cloud Telephony?
Join one of our free live webinars!
Join one of our twice weekly webinars for a guided tour of our business phone system and features.