This article will outline how to do the following:
To disable SIP ALG, run these commands:
#edit
# set security alg sip disable
# commit
Running this command will show if this works:
#run show security alg status
You should see this:
ALG Status :
DNS : Enabled
FTP : Enabled
H323 : Enabled
MGCP : Enabled
MSRPC : Enabled
PPTP : Enabled
RSH : Enabled
RTSP : Enabled
SCCP : Enabled
SIP : Disabled
SQL : Enabled
SUNRPC : Enabled
TALK : Enabled
TFTP : Enabled
IKE-ESP : Disabled
To setup our IP's we need this config:
Please contact Audian support for a list of our IP addresses to be whitelisted.
[edit security address-book]
+ EXT_AB {
+ address SIP_1 55.555.55.555/32;
+
+ attach {
+ zone untrust;
+ }
+ }
[edit security]
+ alg {
+ sip disable;
+ }
[edit security policies from-zone untrust to-zone trust]
+ policy Audian_SIP_Permit {
+ description Phones;
+ match {
+ source-address [ SIP_1 SIP_2 SIP_3 SIP_4 SIP_5 SIP_6 SIP_7 SIP_8 SIP_9 SIP_10 SIP_11 SIP_12 SIP_13 SIP_14 ];
+ destination-address any;
+ application [ Audian_SIP5060_5082 Audian_SIP11000 Audian_SIP_RTP16384_32768 ];
+ }
+ ## Warning: missing mandatory statement(s): 'then'
+ }
[edit]
+ applications {
+ application Audian_SIP5060_5082 {
+ protocol udp;
+ destination-port 5060-5082;
+ }
+ application Audian_SIP11000 {
+ protocol udp;
+ destination-port 11000;
+ }
+ application Audian_SIP_RTP16384_32768 {
+ protocol udp;
+ destination-port 16384-32768;
+ }
+ }
Migrated from Confluence on 2026-02-03
Original Confluence Article