gdoherty
asked on
Is an Application-level Gateway (ALG) required for VoIP/SiP? Can it be bypassed?
hi folks,
I have a conference bridge in a secured datacenter which receives VoIP/SIP calls from public internet. we recently changed firewall from an old/simple netscreen to a newer Juniper SSG5. I found out that the new Juniper has a new feature called an Application Level Gateway (ALG) which limits the number of simultaneous VoIP/SIP calls I can place into the bridge (which the old firewall didn't).
I didn't have any issues with the old firewall and I don't necessarily need the new functionality of an ALG - simple protocol/port & source/destination rules worked fine for me. The problem that I face now is that to increase the number of VoIP/SIP calls I can handle and stay with Juniper (which the guys in the datacenter know), I have to upgrade and at a significant price.
Does anyone know:
1) are there any advantages to an ALG like this (any informed opinions/experiences would be good)?
2) is it possible to turn off or bypass the Juniper ALG (we tried but it then didn't allow any VoIP/SIP calls)?
3) are there other good firewalls out there that don't have an ALG for VoIP/SIP?
4) if an ALG is a good thing (see question 1) are there any firewalls out there that don't cost a fortune and can handle 128/256 simultaneous voip calls?
Thanks,
I have a conference bridge in a secured datacenter which receives VoIP/SIP calls from public internet. we recently changed firewall from an old/simple netscreen to a newer Juniper SSG5. I found out that the new Juniper has a new feature called an Application Level Gateway (ALG) which limits the number of simultaneous VoIP/SIP calls I can place into the bridge (which the old firewall didn't).
I didn't have any issues with the old firewall and I don't necessarily need the new functionality of an ALG - simple protocol/port & source/destination rules worked fine for me. The problem that I face now is that to increase the number of VoIP/SIP calls I can handle and stay with Juniper (which the guys in the datacenter know), I have to upgrade and at a significant price.
Does anyone know:
1) are there any advantages to an ALG like this (any informed opinions/experiences would be good)?
2) is it possible to turn off or bypass the Juniper ALG (we tried but it then didn't allow any VoIP/SIP calls)?
3) are there other good firewalls out there that don't have an ALG for VoIP/SIP?
4) if an ALG is a good thing (see question 1) are there any firewalls out there that don't cost a fortune and can handle 128/256 simultaneous voip calls?
Thanks,
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
i assume rollback is:
my_fw-> set alg sip enable
and reboot needed for change to take effect?
let me know?
thanks,