How to Disable SIP ALG on Popular Routers
How to Disable SIP ALG for Voiply Home Users
Written by Ryan Lowe
Please click here to check SIP ALG:
Click to check SIP ALG
Optimal results displayed below:
What is SIP ALG
SIP ALG is a feature found in most networked routers, operating as a function of its firewall. It consists of two different technologies, explained below:
Session Initiation Protocol (SIP) - The underlying service that powers all Voice over Internet Protocol (VoIP) phones, apps, and devices. SIP manages registering devices, maintaining call presence, and overseeing the call audio. Read more about SIP in our deep dive here.
Application Layer Gateway (ALG) - Routers segments your ISP and your internal network through a process known as Network Address Translation (NAT). An ALG acts as a proxy to rewrite the destination addresses in data packets for improved connectivity.
Where does SIP ALG Present Issues?
The problem with SIP ALG is the fact that most times, packet rewriting causes undesirable operation. The intent of the technology was to assist the packet flow of SIP and other packets and help solve NAT related problems. In this case, the ALG's function is to perform a stateful packet level inspection (SPI) of traffic coming through it. SIP messages would then be re-written by SIP ALG to allow the correct communication of signaling and voice traffic between endpoints and effective NAT traversal. The frequent result in lower end routers is however a hindrance for data transmission due to poor implementations of ALG that break SIP. Most commonly, the issues many experience relate to one-way or no audio, depending on who initiates the call.
In most cases, it is recommended that SIP ALG, SPI and SIP transformations are disabled.
Signs SIP ALG affects VoIP calls
There are a few categories of symptoms SIP ALG could affect VoIP phone. It's not always apparent, especially since these issues often happen silently without users knowing.
One-way audio (only one person can hear the other)
Phones do not ring when called
Calls drop after being connected
Calls going straight to voicemail for no known reason
What's happening is that some VoIP traffic is lost between the phone and the VoIP service provider. This interruption is happening because of router firewalls. This traffic is essential to maintaining the phone's availability and selecting the proper audio codecs.
How To Disable SIP ALG On Popular Routers
With most setups, it is best to disable this feature as this service usually does more harm than good. The following section will help to assist most with disabling this feature on their router. The first few sections will cover the basis of disabling SIP ALG and SPI for higher-class enterprise devices while the lower sections relate to common devices used in small offices or homes.
Netgear devices typically ship with the SIP ALG enabled. To disable you will need to do the following.
Access the Netgears WWW GUI by browsing to it's LAN IP Address. The default IP is 192.168.0.1
Login to the device. The default user is 'admin' and the default pass is 'password'
Select 'Security' → 'Firewall' → 'Advanced'
To disable the SIP ALG, uncheck the option 'Enable SIP ALG' as shown below:
Newer Netgear Devices/Netgear genie; Nighthawk 8000
To disable the SIP ALG on the Nighthawk 8000 series devices, you will need to
Login to the WWW GUI for the Router
Select Advanced → Setup → WAN Setup
Check the box labeled 'Disable SIP ALG' under the NAT filtering section:
Older versions of Asus firmware typically only support disabling the SIP ALG via the command line interface. If you do not see the option to disable the SIP ALG in the GUI, check to see if your router has a firmware update.
To disable the SIP ALG present in most later version of Asus firmware you will need to log into the GUI and browse to 'NAT Passthrough' → and set 'SIP Passthrough' to disabled as shown here:
There are a couple of steps to disabling a SIP ALG on a D-Link device.
Using the web browser of your choice, enter the D-Link routers local IP into the address bar and login when prompted
Once you have logged in, click on 'Advanced' on the top navigation bar → then click on the 'Firewall Settings' tab
Uncheck the 'Enable SPI' box as well as set 'NAT Endpoint Filtering' for TCP & UDP to 'Endpoint Independent'
After that has been set, find the 'Application Level Gateway (ALG)' configuration near the bottom and uncheck the 'SIP' field as shown below.
Save the settings and reboot the device
The RV042 will not work with firmware versions older than version 18.104.22.168 or possibly version 22.214.171.124.
Update to the latest firmware available for this device and it should function properly.
The E1700 series devices (as well as some similar LInksys models) allow disabling of the SIP ALG via the Administration tab → Management → SIP ALG section as shown here:
The DG1670A runs the same firmware as the DG860A with the additional capability of disabling the SIP ALG. Even with the SIP ALG disabled (as shown below), field reports indicate that a UDP session timer issue remains, which will continue to cause issues.
At the time this article was written, most AT&T services - whether DSL or UVERSE - are packaged with a 2WIRE device. Fortunately, the company allows disabling the service with minimal headache for most models and services. Yet, some models do not have this feature making this process cumbersome.
Type in the device IP address of http://192.168.1.254 in any browser address bar. Default username is "admin" and the password can be found on the bottom on the 2wire device.
Go to the "Firewall" menu and then select the option for "Applications, Pinholes and DMZ". Select your phone adapter from the the list of IP addresses and then the radio button to "Allow all applications (DMZplus mode)". Save the settings and you have now put your adapter in the DMZ plus zone.
SIP ALG now needs to be disabled via the ‘Management and Diagnostic Console’ that can be accessed by entering http://192.168.1.254/mdc (note that not all models of 2wire modems can access this menu and edit the settings).
If you can access this console, click on the "Configure Services" found under the "Advanced" heading.
A setting notated as "SIP Application Layer Gateway" should be unchecked - hit the \[SUBMIT\] item and follow any additional prompts. See figure 5 below for a screen shot:
Figure 5: Disabling SIP ALG on a AT&T 2Wire Modem
Some have stated that it is not possible to turn off this setting. Newer firmware deployments on current models (as of April 2015, when this article was originally written) may not allow disabling this option. Contacting customer service to remote into your device will be the only way to turn off this setting.
The Actiontec GT784WN & GT784WNV both have a SIP ALG that cannot be disabled from the HTTP administrative interface or from telnet. The issues with these devices are further compounded by the fact that the firewall, when set to the 'NAT only' setting, intermittently blocks keep alive messages from various devices.
Our recommendation to utilize the GT784WN or the GT784WNV is to set it in bridge-mode and implement a SIP compliant router behind it (use it only as a gateway).
Comcast | Xfinity
At the time this article was written (April 2015), there is no possible way to disable SIP ALG on a Comcast router by yourself. Worse yet, the company will not disable this feature for most customers.
Since both residential and business customers do not have an option to disable this setting from the router configuration menu, using VoIP means one of the following options will be necessary:
Buying the Comcast / Xfinity phone service.
Hope your service transposes appropriately with SIP ALG.
Connect another router to you gateway and put it in bridge mode.
Purchase your own modem compatible with Comcast/Xfinity.
The company locks down the devices such that the only voice service allowed is Comcast/Xfinity. The recommended solution involves purchasing a compatible modem for the service where greater control is possible. At this point, contact your VoIP vendor - many have unique firmware settings to push to the device as well as instructions for applying settings for a functional service.
Most agree that SIP ALG is the ultimate bane for VoIP services. Sadly, this technology that is supposed to help such transmissions proves to be a hindrance for virtually every product and service in existence. Though many companies have a workaround, some lack a solid solution.
We are very interested in hearing your unique problems and resolutions involving this mechanism and if you would like us to investigate other routers. Please, take a moment to comment or ask a question - we would like to help as many VoIP consumers as possible!
Updated on: 01/18/2022