Scott,
We experienced the same thing when wanting to disable SIP ALG on our SonicWall firewalls. The main reason we need to do this, was we were seeing that when increasing SIP traffic, that the firewall CPUs would get too busy and in turn cause it to delay everything it was configured for. It also appears that many recommendations are out there to disable SIP ALG on firewalls. So, we were also told that an SBC was the way to go (but are not cheap).
So, you found that the issue, once ALG disabled, that ensuring those packets were not attempted to be decrypted solved the issue?
As I understood, SIP ALG was needed to substitute private / public IPs in the app layer of the packets - in your solution do you think this is being done by a different device like a gateway, or is PureConnect somehow already managing this?
I am intrigued to learn more about this, and how you have handled this.
Thanks!
------------------------------
Josh Zets
Incept
------------------------------
Original Message:
Sent: 08-02-2021 08:54
From: Scott WilliAMs
Subject: SIP ALG
Hi All,
Our firewall was decrypting the SIP/RTP packet when we disabled ALG which was causing our issues. Once we made a policy to avoid decrypting any packets to our media Server audio started working.
Thank you,
Scott
------------------------------
Scott WilliAMs
Missouri Higher Education Loan Authority
Original Message:
Sent: 07-23-2021 23:28
From: Richard Presling
Subject: SIP ALG
Are your SIP Softphones operating across the internet or across a VPN?
If they are across a VPN you shouldn't use NAT to translate the internal IP addresses to public IP addresses.
As mentioned, I've seen issues with ALG enabled, but not without.
Cheers,
------------------------------
Richard Presling
Pyrios / AGC Networks / Black Box New Zealand
Original Message:
Sent: 07-22-2021 10:05
From: Scott WilliAMs
Subject: SIP ALG
Hi All,
I have hit a wall and hoping somebody has some experience with SIP ALG configuration. Since our Purceonnect Install 7 years ago, we have and SIP ALG enabled on our Palo Alto firewalls. A business change requires us to disabled SIP ALG, but when we do we see our SIP Softphones Audio no longer works.
The call is made, but no RTP stream is started. Genesis says they normally see problems when SIP ALG is enabled so not sure why we would be seeing issues with it disabled. I do not have access to our firewall, so i have limited understanding of any configuration that might exist causing this.
Has anybody experienced this no Audio when disabling SIP ALG?
Thank you,
Scott
#Implementation
#SIP/VolP
#Telephony
------------------------------
Scott WilliAMs
Missouri Higher Education Loan Authority
------------------------------