How To Know If SIP ALG is the Problem, and Steps to Disable It


If you are a Voice over Internet Protocol (VoIP) user, you may experience some occasional glitches and choppy sounds. These can be caused by many fixable issues, though one in particular stands out: the Session Initiation Protocol Application Layer Gateway (SIP ALG) feature that many routers have enabled by default.

Session Initiation Protocol (SIP) is the set of rules that allows devices to communicate over the internet in a number of ways. You can think of it as a language that helps devices start, modify, and end VoIP calls—along with other communication methods like video calling and instant messaging.

Meanwhile, SIP ALG is a feature found in most networked routers, and it’s designed to improve the quality of VoIP calls. More specifically, it’s an additional layer that filters SIP traffic by rewriting packet headers on the spot.

However, sometimes SIP ALG can cause more harm than good—such as by making changes to VoIP traffic that cause your calls to drop. This can happen if SIP ALG is not configured properly or is incompatible with your VoIP provider, and anecdotal evidence suggests this is incredibly common.

How SIP ALG Is Supposed To Work

Once again, SIP is what regulates data transfer sessions for things like internet telephone calls, video calls, instant messaging, and multimedia conferencing. It is a versatile protocol that’s handy for establishing communication sessions across various networks like the internet, private IP networks, and cellular networks. It’s also relatively lightweight, making it a practical choice for use on mobile devices.

That said, since ALG is created to examine and adjust the application-level traffic of certain routers, SIP ALG should—in theory—level up the compatibility and security of SIP-based VoIP systems when they traverse firewalls and NAT devices.

SIP ALG is also designed to improve SIP traffic by reducing latency, which is the time it takes for a packet of data to travel from one device to another. It accomplishes this by prioritizing SIP traffic and reducing the number of times the router processes it. Thus, at face value, SIP ALG is a good idea from a security perspective.

The problems arise when the security is too strict. For instance, if your router were a bouncer at a party, SIP ALG would be a special bouncer trained to give VoIP traffic VIP treatment. If the bouncer goes on a power trip and starts denying entry to everyone at the door—including call traffic—then the party’s over.

This breakdown of communications can happen in multiple ways:

  • By incorrectly modifying SIP messages: This might lead to SIP devices having trouble talking to each other. For instance, SIP ALG might mess with the port numbers or remove necessary headers, causing some glitches.
  • By interfering with the way that SIP devices negotiate NAT traversal: NAT traversal is how SIP devices can chat even when behind firewalls or NAT routers. If SIP ALG gets in the way of this, it might also lead to dropped calls or lower call quality.
  • By lacking compatibility with some VoIP services: VoIP providers typically have their own particular ways of dealing with NAT traversal. If SIP ALG doesn’t mesh well with the VoIP provider’s methods, it can lead to issues, causing SIP calls to not go through.

Finally, sometimes it’s just a matter of performance. For example, consumer routers that ISPs loan out to users often have limited memory, and packets can drop if the memory buffers overflow.

Nextiva homepage.

What are the signs that SIP ALG is a problem?

It’s not always easy to figure out why you’re having call issues. However, there are some common symptoms that may indicate a SIP ALG issue:

  • One-way audio: It means that only one person can hear the other. This issue can happen consistently or come and go.
  • Call drops: Calls might suddenly cut off or drop after a brief connection.
  • Audio quality issues: Poor audio quality, including choppy or distorted sound, can also indicate SIP ALG difficulties.
  • Failed call setup: Facing trouble setting up a connection or dealing with delays during call initiation could suggest interference from SIP ALG.
  • Call timeouts: Calls may time out or fail to connect altogether.

Of course, these symptoms are not exclusive to SIP ALG issues and can be caused by other factors as well. However, if you have not disabled SIP ALG, it’s worth considering it as a possible solution to your issue. In fact, many VoIP experts believe it’s the very first step you should take.

When to use a SIP ALG detector

If you can’t determine whether or not the issues are due to your SIP ALG configuration, you can always run a SIP ALG detector. This tool helps locate devices on the network with SIP ALG enabled, and it scans the network for things that may interfere with SIP traffic.

The downside of SIP ALG detectors is that most VoIP vendors do not officially support them. You can find many detectors in open-source repositories, but your company’s cybersecurity policies might prevent you from successfully running the executable file.

How To Disable SIP ALG

Assuming you’ve identified that SIP ALG is your problem, the process for turning it off may differ from router to router. Certain routers have a user-friendly web interface for this task, while others might require using command line prompts.

The steps for disabling SIP ALG will also vary depending on your router model, but the general process is the same. The basic steps to disable the feature in a popular Netgear Router, for example, are as follows:

  • Access the router’s web interface: Launch your web browser and input your router’s IP address into the address bar. This IP address is typically provided on the router or in its documentation. For many routers, the default IP address is either or

    On the following page, you will be prompted to enter your router’s username and password. If you don’t know it, you can always try “admin” for both fields, but be sure to check any stickers on the modem or router hardware. If that doesn’t help, try calling your ISP for help with this step.

  • Navigate to the SIP ALG settings: After logging into the router’s web interface, look for the Advanced or Advanced Settings section. Within this section, locate the WAN Setup or NAT settings. SIP ALG settings are often found within these sections.
  • Disable SIP ALG: After pinpointing the SIP ALG settings, you will usually find an option to enable or disable it. In this instance, opt for disabling SIP ALG. The phrasing might differ based on the router’s interface, but it’s commonly labeled as SIP ALG, SIP Passthrough, or something similar.
  • Save and reboot: Once you’ve disabled SIP ALG, don’t forget to save the alterations made to the router’s settings. Certain routers might require a restart to implement these changes effectively. It is advisable to reboot the router to ensure the complete deactivation of the SIP ALG feature.
  • Checking the settings after rebooting your router

    After restarting, it’s a good idea to confirm that your new configurations are in place. Many ISP routers have hard-coded firmware that resets any customized settings after rebooting it. If your router has this factory configuration, simply do not reboot it and deal with the cache. It’s still better than having SIP ALG enabled when it’s causing problems.

    Netgear homepage.

    Can Disabling SIP ALG Cause Problems?

    Disabling SIP ALG has the potential to cause some trouble, but issues that arise from turning it off are both seldom and easy to undo.

    If you turn off SIP ALG during troubleshooting for a VoIP problem, and it doesn’t work, you should simply turn it back on. In this case, your VoIP solution may depend on it.

    Disabling SIP ALG could also have unintended effects that may not be evident initially. For instance, it can hold back your router from effectively handling specific traffic, like traffic from security cameras or gaming consoles. However, these problems are infrequent and can often be rectified by adjusting specific router settings, including the Quality of Service (QoS) configuration.

    Overall, turning off SIP ALG carries little risk. Most of the time, disabling SIP ALG will not cause any issues, and it may even enhance the efficiency of your VoIP programs.

    Alternatives to SIP ALG for VoIP users

    A more straightforward solution to SIP ALG is to use Transport Layer Security (TLS) for secure communication and forget about SIP ALG altogether. Most servers have ways to handle NAT without needing SIP ALG, and these methods often work better.

    TLS is often configured at the application or server level rather than the router level. For example, if you use a VoIP service, you would configure TLS within the platform’s own user application.

    TLS sounds fancy, but it’s a widespread standard. In fact, your provider may have it set up by default. Even HTTPS sites use it to establish an encrypted connection.

    Final Thoughts on SIP ALG

    SIP ALG has the best of intentions. When it comes to VoIP, it rewrites the destination address to inform the server of the router’s public IP address rather than the phone’s private IP address.

    This is excellent in theory but not so great in practice. Certain routers used by giant providers like AT&T can rewrite the wrong public IP address because they have multiple IPs for different media products, and they can also overflow fairly easily.

    But turning off SIP ALG is also fairly easy. By testing your VoIP calls before and after turning it off, you can confirm if you should remove it from your setup.

    Source link

    You might also like