VOIP disable SIP ALG and NAT time-out

I am trying to have our VOIP devices fully functional but having trouble with VOIP services.

My VOIP provider tells me to disable SIP ALG (should not manipulate SIP headers) and set higer NAT time-out

The VOIP is based on BroadSoft/BroadWorks.

I have created a Group-Services with all these settings but for this moment I have allowed ANY-services and ANY-IP's

Where can I check SIP ALG en NAT time-out in v18 EAP2?

Because Packet Capture is not working in v18 EAP2 I can not use this.

In Logviewer I sometimes see:

log_component="Invalid Traffic" log_subtype="Denied" status="Deny"

fw_rule_id="0" nat_rule_id="0"

Firewallmessageid="01001"

dst_port="443"

out_interface=""   this is strange, few seconds later it is showing the WAN port2 en action is Allowed

Parents Reply
  • What exactly are the issues you're facing with VoIP?

    Are you having trouble with phones not being able to make calls or are they not provisioning correctly? That's two VERY different things. The configuration is pulled from the boot server often via HTTP(s)/FTP while SIP and RTP are used when the phone is making calls.

    "system system_modules sip unload" will permanently disable SIP on the XG. I won't automatically re-enable itself.

    Are you applying any IPS/Web Filtering/Application Filtering/SSL&TLS Decryption to this traffic? If so, please check the logs for each and post the settings.

Children
No Data