So, you set up your VoIP phone system, but you’re experiencing dropped calls, no incoming calls, or your phone keeps ringing after you pick up.
The good news is that you will be able to instantly resolve your Voice over IP issues once you disable SIP ALG.
In this updated guide, we’ll cover why SIP ALG must be turned off, and we’ll include tips to optimize your network for VoIP phone service.
This guide is perfect for novices as well as advanced users. Let’s get started!
- What is SIP ALG?
- Signs SIP ALG affects VoIP calls
- How do I turn off SIP ALG on my router?
- Why disable SIP ALG?
- Best practices for reliable VoIP performance
What is SIP ALG?
SIP ALG is a feature found in most networked routers, operating as a function of its firewall. It consists of two different technologies, explained below:
- Session Initiation Protocol (SIP) – The underlying service that powers all Voice over Internet Protocol (VoIP) phones, apps, and devices. SIP manages registering devices, maintaining call presence, and overseeing the call audio. Read more about SIP in our deep dive here.
- Application Layer Gateway (ALG) – Routers segments your ISP and your internal network through a process known as Network Address Translation (NAT). An ALG acts as a proxy to rewrite the destination addresses in data packets for improved connectivity.
The problem with SIP ALG is the packet rewriting aspect of it. SIP ALG can be useful to mitigate multiple NATs, but it doesn’t help the vast majority. Let’s take a more in-depth look at what’s happening with these data packets.
The diagram above shows that the Application Layer Gateway changes the destination public IPs in SIP packets. Certain commercial routers are smart enough to inspect the SIP messages themselves to leave private IP addresses alone.
Today’s office PBX systems, conference calls, and even audio/video conferencing rely on SIP. Signaling protocols like SDP, RTP, and RTSP all face the same issues because they are a subset of SIP packets.
Signs SIP ALG affects VoIP calls
There are a few categories of symptoms SIP ALG could affect VoIP phone. It’s not always apparent, especially since these issues often happen silently without users knowing.
- One-way audio (only one person can hear the other)
- Phones do not ring when called
- Calls drop after being connected
- Calls going straight to voicemail for no known reason
What’s happening is that some VoIP traffic is lost between the phone and the VoIP service provider. This interruption is happening because of router firewalls. This traffic is essential to maintaining the phone’s availability and selecting the proper audio codecs.
Many routers default SIP ALG to on within their device’s firmware. Thanks to easy and simple web interfaces, simply check or uncheck a box. Pictured below is an example:
How do I turn off SIP ALG?
To disable SIP ALG, you will need to log into your router. Your router can also function as a modem for some broadband gateways. Popular brands of routers include Cisco, Linksys, Netgear, D-Link, Asus, and TP-Link.
We’ve compiled a list of the top routers and included links to disable the Application Layer Gateway, which can interfere with VoIP calls.
In most cases, you will need to sign in to your router with the admin password. Look under its security settings, uncheck SIP ALG, save and reboot your router. More advanced corporate firewalls may require further adjustment, such as port forwarding.
|Router Manufacturer||Steps to Disable SIP ALG|
If you are using the terminal, issue the following command:
|Arris||Most Arris broadband gateways:|
U-Verse Pace 5268AC Gateway
Cisco General and Enterprise-Class routers:
Cisco PIX routers:
Cisco ASA routers:
Linksys Smart Wi-Fi (E-series):
Older Linksys models:
Linksys BEFSR41 routers:
|Mikrotik||For Mikrotik routers, SIP ALG is known as SIP Helper.|
For Netgear routers with the Genie interface:
Other Netgear routers:
Newer TP-Link routers (Archer series):
Older TP-Link routers:
UniFi Security Gateway
Command Line Interface:
This broadband gateway does not support disabling SIP ALG. We recommend configuring your gateway to function only as a modem, not a router. You will need to use another router that supports disabling SIP ALG.
ZyXEL C1000Z/C1100Z (CenturyLink):
Why disable SIP ALG?
Conventional wisdom would suggest that an Application-Level Gateway is supposed to be enabled. After all, many consumer and commercial router settings even default SIP ALG to on.
As a feature in most broadband routers, SIP ALG was introduced with good intentions in response to the limitations of Network Address Translation. Unfortunately, it interferes with the built-in functionality of IP and signaling protocols. It’s no longer necessary with today’s VoIP applications.
Since ALGs exist at the Application Layer of the OSI Model, it doesn’t consider the datagrams within transport protocols like UDP or TCP. VoIP signaling protocols solve these common issues by including the public and private IP addresses in every packet.
Some routers try to improve security by terminating open connections in the firewall. Dubbed a “firewall pinhole,” it means that traffic can work momentarily, but when a SIP proxy drops packets, it can affect VoIP calls after you establish them.
You should disable SIP ALG because it:
- Interrupts SIP traffic like calls and conferencing apps.
- Affects the perceived reliability of desk phones and VoIP apps.
- Isn’t needed when using cloud-based VoIP providers.
For almost all VoIP users with a virtual phone system, the best practice is to turn off SIP ALG entirely.
The only reason why you would enable SIP ALG is if your router manufacturer or VoIP provider has instructed you. Given the prominence of VoIP and Application Layer Gateways, they will provide proper settings to work with your VoIP provider.
Best practices for reliable VoIP performance
Voice over Internet Protocol (VoIP) demands a few basics for optimal phone calls. In short, that’s bandwidth, latency, and stability. Follow these tips to improve inbound and outbound call quality and connectivity for your team.
1) Choose a high-bandwidth ISP with the proper hardware.
As a part of a robust VoIP architecture, you’ll want plenty of headroom for network utilization. Using gigabit switches and routers will eliminate any internal bottlenecks. Remember that you likely have many computers, phones, and TVs that also consume bandwidth. Aim for only using 80% of your allotted bandwidth.
2) Use wired Ethernet connections whenever possible.
Wireless connections are susceptible to interference that can cause packet loss, jitter. Latency and packet loss aren’t noticeable through casual browsing, but it can affect VoIP calls in unexpected ways, especially on VoIP desk phones. When using Wi-Fi, ensure you have a strong signal and have disabled SIP ALG in your wireless router.
3) Lengthen your UDP timeouts.
Most VoIP phone systems connect using User Datagram Protocol (UDP) for higher throughput and less connection overhead. However, this can come at a cost in reliability. Set your UDP timeouts to 150 seconds. If you find that your network routes get congested often, consider switching your VoIP setup over to Transmission Control Protocol (TCP). This tweak will increase your VoIP reliability. Consult with your VoIP service provider for further guidance.
4) Set up Virtual LAN (VLAN) tagging for SIP Devices.
After approximately 20 users, we recommend implementing network prioritization using Quality of Service (QoS).VLAN tagging lets you prioritize VoIP traffic above low-priority traffic. Doing so will minimize packet loss and enhance your overall VoIP security.
5) Keep up on firmware updates.
Take an active approach in checking for your router manufacturer’s firmware patches. These may sometimes revert settings, but they will patch security and performance issues. You may need to consult with the vendor to download updates from its FTP or push software images via the Command Line Interface (CLI) for commercial routers.
Selecting the right VoIP phone service
Disabling SIP ALG can be the solution to many problems when making calls with VoIP. Many technicians often overlook this simple fix. It’s undoubtedly worth adjusting to enhance the overall reliability and performance of your virtual phone service.
You’re likely reading this article because your phone system isn’t working right. It happens to the best of us. Instead of trying to fix this on your own, you could talk with one of our VoIP experts.
Nextiva has been providing companies a better choice for commercial phone service for over 14 years. Unlike telephone and cable companies, We cater only to businesses of all sizes and industries. Arguably, we deliver the best live support, which is why we call it Amazing Service®.
Cameron Johnson is a market segment leader at Nextiva. Along with his articles on Nextiva’s blog, Cameron has written for a variety of publications including Inc. and Business.com. Cameron was recently recognized as Utah’s Marketer of the Year.