Firewall Settings
  • 17 Jan 2023
  • 2 Minutes to read
  • PDF

Firewall Settings

  • PDF

Article Summary

Many errors can be remedied by updating the software in the modem / router / firewall that is in your network.
Visit the manufacturer's page to download newer firmware.

Netgear

https://www.netgear.com/support/download/

D-Link

https://eu.dlink.com/uk/en/support

Zyxel

https://www.zyxel.com/support/download_landing.shtml

ftp://ftp.zyxel.se/

Cisco

https://software.cisco.com/download/home/268437899

ASUS

https://www.asus.com/microsite/2014/networks/routerfirmware_update/

Linksys

https://www.linksys.com/en/support/

TP-LINK

https://www.tp-link.com/en/support/download/

Belkin

https://www.belkin.com/support-center/


Below you will find some settings that can be made in different firewalls to improve the conditions for IP telephony.

Zyxel Zywall USG

Network / ALG / SIP Settings

[x] Enable SIP ALG

   [  ] Enable SIP Transformations

   [x] Enable Configure SIP Inactivity Timeout

        SIP Media Inactivity Timeout: 120 (seconds)

        SIP Signaling Inactivity Timeout: 1800 (seconds)

   SIP Signaling Port:

            5060


If the firewall uses firmware version 3.xx, you can check "Enable SIP Transformations".

If the firewall uses 3.30 and later, direct signaling should be activated. Connect to the firewall with telnet / ssh and run the following commands:

configure terminal alg sip direct-signalling
no alg sip direct-media

Then it should look like this:

Router#  show alg sip active: yes transformation: yes inactivity-timeout: yes direct-signalling: yes direct-media: no media inactivity timeout: 120 signaling inactivity timeout: 1800


Zyxel P660

Telnet into the modem (default: 1234)

If you get RAS> write:

ip nat service sip active 0

Otherwise, select 24 and then 8 in the menu to get a command interpreter and there you type as above: ip nat service sip active 0

Zyxel P-334

Telnet into the modem (default: 1234)

ip alg disable ALG_SIP
ip alg disable ALG_VoIP

Otherwise, select 24 and then 8 in the menu to get a command interpreter and there you type as above

However, this does not seem to get stuck in the router but the best thing is to replace it.

Intertex IX78

Turn off SIP support (Security settings, check box for sip, save permanently - restart)

Cisco RV042, RV082 m.fl

Update to latest firmware: http://software.cisco.com/download/release.html?mdfid=282414010&softwareid=282465789

More Cisco models are available here: http://software.cisco.com/download/navigator.html?mdfid=282413304

D-Link DIR655

If firmware version 2.07 or later hw B1.

Enable SPI: Enabled    

UDP Endpoint Filtering: Address Restricted

TCP Endpoint Filtering: Port And Address Restricted

Anti-Spoof checking: Disabled

DMZ Host: Not used

Application Level Gateway (ALG) Configuration

PPTP: Enabled    

IPSec (VPN): Enabled

RTSP: Enabled

SIP: Enabled

if earlier firmware.

Turn off SIP-ALG.

Advanced -> Firewall Setting

Uncheck "SIP" from the "Application Level Gateway".

If it does not make a difference, you can also check "Enable SPI" for troubleshooting purposes.

Linksys WRT54G

WRT54G(v5+) - Update to latest firmware

WRT54GS - Update to latest firmware

The following Linksys models have problems or do not work at all:

WRT54G (v4 och äldre) - Test by updating to the latest firmware

WRT54GL - Test by updating to the latest firmware

If it does not work after upgrade - Replace the router.

Cisco 800

To turn off SIP ALG, run the following commands:

no ip nat service sip tcp port 5060

no ip nat service sip udp port 5060

TP-LINK

Disable "Hardware NAT" for one-way communication problems and the like.

Netgear Prosafe SRX5308

Known error is that this firewall only lasts SIP session for a few minutes.

It has at times helped to upgrade the firmware to 4.3.2-7


Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.