We help IT Professionals succeed at work.

Is an Application-level Gateway (ALG) required for VoIP/SiP? Can it be bypassed?

Last Modified: 2008-09-07
hi folks,

I have a conference bridge in a secured datacenter which receives VoIP/SIP calls from public internet. we recently changed firewall from an old/simple netscreen to a newer Juniper SSG5. I found out that the new Juniper has a new feature called an Application Level Gateway (ALG) which limits the number of simultaneous VoIP/SIP calls I can place into the bridge (which the old firewall didn't).

I didn't have any issues with the old firewall and I don't necessarily need the new functionality of an ALG - simple protocol/port & source/destination rules worked fine for me. The problem that I face now is that to increase the number of VoIP/SIP calls I can handle and stay with Juniper (which the guys in the datacenter know), I have to upgrade and at a significant price.

Does anyone know:
1) are there any advantages to an ALG like this (any informed opinions/experiences would be good)?
2) is it possible to turn off or bypass the Juniper ALG (we tried but it then didn't allow any VoIP/SIP calls)?
3) are there other good firewalls out there that don't have an ALG for VoIP/SIP?
4) if an ALG is a good thing (see question 1) are there any firewalls out there that don't cost a fortune and can handle 128/256 simultaneous voip calls?

Watch Question

This one is on us!
(Get your first solution completely free - no credit card required)


great - i'll give that a go tomorrow night or the next.

i assume rollback is:
my_fw-> set alg sip enable
and reboot needed for change to take effect?

let me know?

This one is on us!
(Get your first solution completely free - no credit card required)
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.