Router/Modems that could have potential issues with Voiply Home
Router/Modems that could have potential issues with Voiply Home
_Written by Ryan Lowe
Note: In the latest firmware updates the option to turn off SIP-ALG was removed
The DHCP server on this device has known software issue that causes devices to lose their IP and get a new IP frequently.
Login into the Arris gateway.
Click on Firewall tab at the top of the page > Firewall Settings > Do the following:
• Firewall: Leave checked
• DoS Attack Protection Firewall: Leave checked
• This optional step is needed for call quality monitoring and troubleshooting purposes.
o Ping Blocking: Uncheck
• Block Fragmented IP Packets: Leave checked
• Firewall Settings>ALG
o SIP: Uncheck
o Depending on the firmware version of you Arris gateway, you may or may not have this option.
o If you do not, you will need to call your ISP to have them upgrade the gateway's firmware to the latest version.
• Click Apply to save.
If any of the above options are not present, then purchase a recommended router:
• Purchase a recommended router if you do not have one already.
• Voiply cannot setup the new router for you, but your IT or the manufacturer of your new router can help you.
• Call your Cable ISP to bridge your internet gateway to your new router.
• Note: It is at the discretion of the ISP, whether or not they will allow the modem to be bridged. If they choose to deny the request, then the above resolution will apply.
Verizon FiOS G1100 modem
SIP ALG is enabled by default and Verizon has not provided a method for the end-user to disable SIP ALG. It is not known if Verizon has the capability to disable SIP ALG remotely.
DNS servers need to be configured to a set of efficient DNS servers in order to prevent issues with registration on Polycom phones.
It is known that Frontier also supplies customers with ARRIS NVG 468MQ for FIOS and this device and FW allow to disable SIP ALG and modify DNS settings. If you have Frontier then get in touch with Frontier and request to change your gateway to this device instead of G1100 modem.
If this option is not available, then reference the Recommended Routers list and bridging the modem steps below.
This document describes how to configure a Verizon FiOS G1100 (should also work for the Frontier version of this device) to act in bridge mode. This mode deactivates some cable television features, but it allows another router to obtain an IP address directly from Verizon. Other users have documented these steps in publications such as DSL Reports.
Login to the G1100 from a computer that is directly connected to one of the G1100’s LAN ports.
Select Wireless Settings > Basic Security Settings, and turn off 2.4 Ghz and 5 GHz wireless. Click Apply.
Select Wireless Settings > Advanced Security Settings, and disable 2.4 GHz and 5 GHz SSID broadcasting.
Select Firewall, and set Minimum Security for both IPv4 and IPv6. Click Apply.
Select My Network > Network Connections > Advanced. Disable the listed access points, and click Apply.
Note the listed broadband connection. Select it, along with Settings, and uncheck Internet Connection Firewall. Set Internet Protocol to No IP Address. Click Apply. At this point, you will lose your connection to the Internet through the G1100.
Click Release and then Apply.
Select My Network > Network Connections > Network (Home/Office). Change the G1100’s IP address to 192.168.1.2 so as not to conflict with the replacement router. Under the bridge section, check Broadband Connection (Ethernet/Coax) and uncheck both wireless APs. Change IP Address Distribution to Disabled.
Click Apply. The G1100 is now in bridge mode, so it will no longer obtain an IP address. Connect your replacement router to one of the G1100’s LAN ports. From this point forward, you can interact with the G1100 by connecting a computer to its WAN port and manually assigning the computer an IP address on the 192.168.1.0/24 network.
Note: If this device is receiving a WAN connection via ethernet, then you can remove the G1100 and attach the ethernet cable directly to the 3rd party/compatible router. Use the following steps.
Important: This will not work if the G1100 is receiving its WAN connection via coaxial cable, This is for Ethernet WAN connections only.
Unplug the power from the ONT (Optical Network Translator).
Unplug the battery backup.
Wait 5 minutes and then plug both back in.
Connect the ethernet cable from the ONT directly into the WAN/Internet port of the 3rd party/compatible router.
Note: The DNS settings on this device are no longer accessible. Verizon has released a firmware update that has “greyed” out this option.
SIP ALG is enabled by default and cannot be disabled. It will cause intermittent one-way audio, call/fax failures, and many phone feature failures.
Replace your router with a recommended one if you do not have one already.
Voiply cannot setup the new router for you, but your IT or the manufacturer of your new router can help you.
They will need to move settings from the old to the new router to ensure your computers and other devices on the network work properly.
2Wire & Pace Internet Gateways, Any
These gateways have SIP ALG enabled by default and they provide no option in their web interface to disable it. This setting causes intermittent phone feature failures.
The WAN and DHCP DNS servers cannot be changed, causing frequent DNS lookup failures on Polycom phones. This causes those phones to lose registration.
There is no true bridge mode on these gateways. However, you can still configure it so it doesn't interfere with your phones.
The Pace gateways have a hardcoded UDP NAT session limit that is too short, causing intermittent phone registration and feature failures.
The instructions below may vary slightly depending on the firmware and model number of the 2Wire or Pace gateway you have. Models include but are not limited to the 3800HGV-B, Pace PLC 3801HGV, Pace PLC 5031NV, Pace PLC 5168NV-110, & others.
Voiply cannot do steps 1-6 for you. You will need to contact your IT or get help from the manufacturer of your new router to make the changes in steps 1-6.
Find out if you have a separate router that isn't the 2Wire/Pace gateway that is compatible with our service. If you don't, you or your IT will need to purchase and install a Recommended Router.
You or your IT will need to move important network settings, such as custom port forwarding rules, from the 2Wire/Pace gateway to the new router to ensure your computers and other devices on the network work properly before proceeding to the following steps.
You or your IT needs to setup your new router's WAN interface to get an IP address via DHCP. This is required so that the 2Wire/Pace gateway recognizes your new router automatically.
Most new routers have the WAN DHCP setting enabled by default, but some routers, like the Linksys E & EA series routers, require running a setup CD or following a user guide before this setting will be enabled.
Only one device can be in Passthrough (DMZplus) mode at any given time. If there is already a device using Passthrough (DMZplus) mode, it will need to be removed prior to following the steps below.
The following steps will take your network offline for 30 minutes or longer. Make sure to do this during a time when you can afford to be disconnected.
You or your IT will also need to make sure your new router and the 2Wire/Pace gateway don't use the same private subnet 192.168.1.0/24.
The 2Wire/Pace and many new routers use the 192.168.1.0/24 subnet by default.
If you don't have an IT, contact your ISP first to change the subnet on the 2Wire/Pace to another private subnet, and then call manufacturer of your new router for help setting up the router to use the 192.168.1.0/24 subnet if it isn't already.
Your 2Wire/Pace device is still using the default 192.168.1.0/24 subnet.
You or your IT will need to unplug all Ethernet cables from the 1, 2, 3, & 4 LAN ports on the back of your 2Wire/Pace gateway.
Connect an Ethernet cable into your new router's WAN/Internet port. Then plug the other end into the 1, 2, 3, or 4 LAN port on your 2Wire/Pace gateway.
Restart your router and wait 1 minute to allow it to get an IP address from the 2Wire/Pace.
Log into the 2Wire router's interface. The default IP address for this device is 192.168.1.254.
Go to Settings > Firewall > Advanced Configuration.
The following settings need to be disabled so that 2Wire/Pace gateway doesn't interfere with traffic to your new router. Your new router will be the firewall that protects your network.
Under the Enhanced Security section:
Stealth Mode: Uncheck.
Block Ping: Uncheck.
Strict UDP Session Control: Uncheck.
UDP Session Timeout: Leave set at the default 600.
TCP Session Timeout: Leave set at the default 86400.
Under Outbound Protocol Control, check every box except NetBIOS.
Under Inbound Protocol Control, leave NetBIOS unchecked.
Under Attack Detection, uncheck all boxes in this section (there's usually 7 of them).
Click on Save.
Go to Settings > Firewall > Applications, Pinholes, and DMZ.
Under the section named '1) Select a computer', click on the IP address or hostname of your router that should be listed. See the image below for details.
Under the section name '2) Edit firewall settings for this computer'. click on Allow all applications (DMZplus mode).
Click on Save.
The 2Wire/Pace gateway should restart automatically. Wait 1 minute.
When it does, confirm that the new router has a public IP address under the Settings > Firewall > Status.
If your new router doesn't have a public address yet:
Powercycle your new router manually. When it boots back up, the router should have a public address now. If your router still doesn't have a public IP address, contact your IT or your ISP for help from here.
If your new router does have a public address now, then you should be done.
However, some enterprise-grade firewalls may need to be configured to allow the DHCP renewal packets that the 2Wire/Pace gateway sends every 10 minutes. The other option is you or your IT can change your router's WAN interface IP address assignment to Static and use the same IP settings the router received via DHCP. Voiply cannot do this for you.
Inbound ports 22 and 8000-8015 may be blocked, but unfortunately 2Wire/Pace do not provide a solution to that issue.
Updated on: 04/21/2021