SIP ALG: What Is It & Why VoIP Users Should Disable It
So, you set up your VoIP phone system, but you're experiencing dropped calls, no incoming calls, or your phone keeps ringing after you pick up.
The good news is that you will be able to instantly resolve your Voice over IP issues once you disable SIP ALG.
In this updated guide, we'll cover why SIP ALG must be turned off, and we'll include tips to optimize your network for VoIP phone service.
- What is SIP ALG?
- Signs SIP ALG affects VoIP calls
- How do I turn off SIP ALG on my router?
- Why disable SIP ALG?
- Best practices for reliable VoIP performance
What is SIP ALG?
SIP ALG is a feature found in most networked routers, operating as a function of its firewall. It consists of two different technologies, explained below:
- Session Initiation Protocol (SIP) - The underlying service that powers all Voice over Internet Protocol (VoIP) phones, apps, and devices. SIP manages registering devices, maintaining call presence, and overseeing the call audio. Read more about SIP in our deep dive here.
- Application Layer Gateway (ALG) - Routers segments your ISP and your internal network through a process known as Network Address Translation (NAT). An ALG acts as a proxy to rewrite the destination addresses in data packets for improved connectivity.
Today's office PBX systems, conference calls, and even audio/video conferencing rely on SIP. Signaling protocols like SDP, RTP, and RTSP all face the same issues because they are a subset of SIP packets.
Signs SIP ALG affects VoIP calls
There are a few categories of symptoms SIP ALG could affect VoIP phones. It's not always apparent, especially since these issues often happen silently without users knowing.
- One-way audio (only one person can hear the other)
- Phones do not ring when called
- Calls drop after being connected
- Calls going straight to voicemail for no known reason
What's happening is that some VoIP traffic is lost between the phone and the VoIP service provider. This interruption is happening because of router firewalls. This traffic is essential to maintaining the phone's availability and selecting the proper audio codecs.
Many routers default SIP ALG to on within their device's firmware. Thanks to easy and simple web interfaces, simply check or uncheck a box. Pictured below is an example:
How do I turn off SIP ALG?
To disable SIP ALG, you will need to log into your router. Your router can also function as a modem for some broadband gateways. Popular brands of routers include Cisco, Linksys, Netgear, D-Link, Asus, and TP-Link.
We've compiled a list of the top routers and included links to disable the Application Layer Gateway, which can interfere with VoIP calls.
In most cases, you will need to sign in to your router with the admin password. Look under its security settings, uncheck SIP ALG, save and reboot your router. More advanced corporate firewalls may require further adjustment, such as port forwarding.
Why disable SIP ALG?
Conventional wisdom would suggest that an Application-Level Gateway is supposed to be enabled. After all, many consumer and commercial router settings even default SIP ALG to on.
As a feature in most broadband routers, SIP ALG was introduced with good intentions in response to the limitations of Network Address Translation. Unfortunately, it interferes with the built-in functionality of IP and signaling protocols. It’s no longer necessary with today’s VoIP applications.
Since ALGs exist at the Application Layer of the OSI Model, it doesn’t consider the datagrams within transport protocols like UDP or TCP. VoIP signaling protocols solve these common issues by including the public and private IP addresses in every packet.
Some routers try to improve security by terminating open connections in the firewall. Dubbed a "firewall pinhole," it means that traffic can work momentarily, but when a SIP proxy drops packets, it can affect VoIP calls after you establish them.
Related Articles
Defeating ALG's
What is an ALG? ALG's, or Application Layer Gateway's (also sometimes called SIP Helpers), are software components embedded within most routers and firewall's designed for the SOHO or SME market. Their intention is to allow VoIP traffic to traverse ...Voicemail Access
Voicemail Access There are a number of ways to access your voicemails Calling from a Connect it handset to your own voicemail Dial 1571 from your handset. This will then prompt you for a 4 digit PIN followed by #. This is the same as your Phone ...Record and Use personal messages via Voice Portal
This guide details the process of recording and using a personal message via the voice portal. Process Press the messages button on the telephone, or dial the voice portal number for the group Enter the pin Press 1 to access the voicemail box Press 2 ...Firewall Configuration
To allow you and your customer to lock down site firewalls, here we document the active ports and their services used by Connect it. For firewall configurations that allow any outbound traffic, and its returning inbound traffic, you should not need ...How to display a user's Call Log
How to display a user's Call Log To display a user's call log, you must first log into Loki Portals If the domain portion of your userId is 'connect-it.co', please only enter the local part as the system's default domain will be automatically added. ...