How to Detect and Disable a SIP ALG
If you’re reading this article, you’re probably dealing with some strange VoIP issues that are driving you or one of your customers insane. If it is a SIP ALG issue you may have issues like:
- one-way audio
- no audio
- dropped calls
- phones not ringing
- broken blf keys
- or something even stranger
Basically, something weird in the behavior of the call that’s not really related to the audio quality itself. If this sounds like what you’re going through, then there’s a good chance you’re dealing with a SIP ALG – a sneaky, typically un-needed network feature that destroys VoIP calls and exists on almost ALL internet modems, routers and firewalls. It even exists in some managed switches. And by default! Now don’t get me wrong; ISPs, firewalls, VoIP devices and not-so-IT admins are sometimes to blame too. Even still, SIP ALGs are the enemy in this article.
What is a SIP ALG?
In simple terms, it’s a networking feature that reads, manipulates and re-writes SIP messages between VoIP devices on your network with private addresses and a VoIP service in the Cloud with a public address. It’s supposed to help VoIP calls connect better and resolve NAT related issues. Instead, they almost always create problems. And because SIP ALGs are not standardized, they all modify SIP packets in unexpected ways making your VoIP calling experience wildly unpredictable.
Why do network equipment manufacturers create and enable this feature by default?
I don’t know. Perhaps they have a dark sense of humor. Or maybe they don’t use the internet and see all the pain and suffering they’re causing for customers, IT admins and VoIP providers. Either way, if you’re currently experiencing any of the issues listed above, here are some tools and tips for detecting and disabling a SIP ALG that may be bothering you.
Detecting and Disabling SIP ALG’s
1.) Run a SIP ALG Detector Test.
This has to be your first step. It’s the also fastest and easiest way to check if you’re on the right track. A quick google search for “SIP ALG detector” will find you a couple of web tests and client-based tools that can check for you – like this one on our support site. Make sure to run the test using a PC on the same network as the affected VoIP device. Also, being on a different cable run, VLAN, subnet, managed switch port, etc… could route your test traffic through a different path leading to inaccurate results.
If the test confirms you’re indeed suffering from the SIP ALG blues, then that’s great news! Now that you know what the problem is, you can start fixing it. However, if the test is negative, I’d still stay suspicious. Double-check that you’re definitely on the same network, subnet, etc… as the VoIP device. Either way checking the SIP ALG settings described below won’t hurt and may also help find other solutions along the way.
2.) Disable SIP ALG on your Router.
Every router is different so you will need to refer to the instructions for your make and model. We have a list of instructions for some common routers on our kb. If we don’t have your router a little google searching often finds you the answer. Try searching for something like “Disable SIP ALG {vendor} {model}”. After this you can run the test again, but you’ll still need to check any internet modems that may exist.
3.) Disable SIP ALG on the Internet Modem.
In most cases buying and installing your own modem is the BEST option here. First off, it gives you much better control of your network. And by having your own modem the ISP can’t force certain settings or features that may not align with your networking or security needs. Second, it’s much cheaper. In most cases, a great modem cost under $100 on Amazon vs renting it from the ISP for $15-20 per month. Third, the ISP can’t accidentally reverse settings they or you may have applied manually. This happens all the time when they push out global updates in the middle of the night. Default settings get re-applied making prior issues return without notice. Before buying a new modem make sure to check your ISPs support page for compatible models.
What if I can’t replace the modem?
If replacing the modem now isn’t an option, disabling the SIP ALG on the modem is usually possible. Just like routers every modem is different. Try searching for instructions for your make and model using the method above. However, this setting change often requires the ISPs support. This means contacting their help desk and requesting that they disable the feature for you.
Some words of wisdom here… Never trust the technician. Seriously, they mean well but they’re not as techie as a technician should be. After the support agent claims they disabled it run the SIP ALG client-based test again and check for yourself. Before they hang up!
Aditionally, like I mentioned above, it’s not uncommon for modems to receive updates and clobber any settings that you or even the ISPs support agents may have applied. If any issues mysteriously return, quickly run the test again.
4.) Disable SIP ALG on a Managed Switch.
Most small business customers won’t have this scenario, but some layer 3 managed switches are known to have a built-in SIP ALG as well. If you have one of these devices you’re likely to have more sophisticated networking needs and experiences. Either way, the options are still the same. Find your instructions and then get it disabled.
5.) If all else fails, try these last steps…
a.) Use another local and external SIP port. Some SIP ALGs identify VoIP traffic based on the ports being used. Ask your VoIP provider if they “listen” on any alternate ports other than “5060”. If so, try configuring your VoIP device to use random SIP ports to try to sneak by the SIP ALG undetected. At RingLogix we listen on a few different ports to enable this workaround.
b.) Try using TCP instead of UDP. Because of how some SIP ALGs detect VoIP traffic, switching to TCP can sometimes let your calls sneak by. If you’re experiencing BLF or presence issues, especially with Polycom phones, switching to TCP is often a great solution. Your Cloud Service Providers switch needs support for this. RingLogix partners can switch to TCP support for any supported device directly in the PBX Portal and trigger an auto-provisioning re-sync without needing access to the device.
In conclusion…
Hopefully, these tips and instructions helped fix your problem and eliminated any pesky SIP ALGs affecting your service. If not, I’m sorry. However, your troubleshooting journey isn’t over. If you haven’t already, it’s time to bring out the laptop, mirrors some ports, and start running Wireshark.
[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section]