
An ALG (Application Layer Gateway) is a security component, commonly found in a router or firewall device, that is supposed to help certain protocols traverse NAT. A more complete discussion can be found on Wikipedia and VoIP-info.


Discussion

While a SIP ALG is ostensibly designed to enhance SIP and make the notoriously problematic NAT traversal issues easier to deal with, the simple fact of the matter is that most SIP ALGs are horribly broken. Brian K West has described them as "evil", which is not really an overstatement if you've ever been burned by one. Most routers that have SIP ALGs come with them enabled by default, which means that it's up to the user or admin to dig into the configuration to disable them. The following sections contain instructions and links to more information about various devices that have SIP ALGs and how to disable them. Also, be mindful of the fact that some manufacturers have created devices whose SIP ALGs cannot be disabled. AVOID THEM LIKE THE PLAGUE. (I'm talking to you, Netgear.)

...

The only "sure-fire" and universal way to defeat SIP ALGs is to use TLS. Not only does it usually run over a different port (5061), it also looks just like any other TLS data stream, and because it's encrypted the router has no chance of modifying the payload of the packets. When in doubt, use TLS. If you're planning on doing a large SIP deployment and your devices support it, use TLS. You'll save yourself a lot of time and hassle.
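
To check whether a device in the path is modifying SIP payloads on an unencrypted transport, compare one request as the phone sent it with the same request as the server received it. The following is an added example, not part of the original page; the function names, sample messages and addresses are constructed for illustration.

```python
from itertools import zip_longest

WATCHED = {"via": "Via", "v": "Via", "contact": "Contact", "m": "Contact"}
SDP_PREFIXES = ("o=", "c=", "m=")  # SDP lines carrying addresses or media ports

def parse_sip(raw):
    """Return ({header: [values]}, [watched SDP lines]) for one SIP message."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    headers = {}
    for line in head.split("\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        canon = WATCHED.get(name.strip().lower())  # also accepts compact forms
        if canon:
            headers.setdefault(canon, []).append(value.strip())
    return headers, [l for l in body.split("\n") if l.startswith(SDP_PREFIXES)]

def alg_rewrites(sent, received):
    """List (field, sent value, received value) for each watched field that differs."""
    s_hdr, s_sdp = parse_sip(sent)
    r_hdr, r_sdp = parse_sip(received)
    findings = []
    for name in ("Via", "Contact"):
        # Proxies stack their own Via on top, so compare the bottom (client's) one.
        a, b = s_hdr.get(name, [""])[-1], r_hdr.get(name, [""])[-1]
        if a != b:
            findings.append((name, a, b))
    for a, b in zip_longest(s_sdp, r_sdp, fillvalue=""):
        if a != b:
            findings.append(("SDP " + (a or b)[:2], a, b))
    return findings

# Constructed sample, trimmed to the watched fields: an INVITE as the phone sent it.
SENT = "\r\n".join([
    "INVITE sip:1000@pbx.example.com SIP/2.0",
    "Via: SIP/2.0/UDP 192.168.1.50:5060;branch=z9hG4bKconstructed",
    "Call-ID: constructed-1@192.168.1.50",
    "Contact: <sip:1001@192.168.1.50:5060>",
    "",
    "o=- 1 1 IN IP4 192.168.1.50",
    "c=IN IP4 192.168.1.50",
    "m=audio 16384 RTP/AVP 0",
    "",
])
# Constructed: the same request as seen at the server after a simulated ALG rewrite.
RECEIVED = (SENT.replace("192.168.1.50:5060", "203.0.113.7:1024")
                .replace("c=IN IP4 192.168.1.50", "c=IN IP4 203.0.113.7"))

if __name__ == "__main__":
    for field, before, after in alg_rewrites(SENT, RECEIVED):
        print(f"{field}: {before!r} -> {after!r}")
```

NAT without an ALG changes only the IP and UDP/TCP headers, so any difference reported in these fields means something in the path edited the SIP payload itself.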