Firewall Settings
- 17 Jan 2023
- 2 Minutes to read
- Print
- PDF
Firewall Settings
- Updated on 17 Jan 2023
- 2 Minutes to read
- Print
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
Many errors can be remedied by updating the software in the modem / router / firewall that is in your network.
Visit the manufacturer's page to download newer firmware.
Netgear
https://www.netgear.com/support/download/
D-Link
https://eu.dlink.com/uk/en/support
Zyxel
https://www.zyxel.com/support/download_landing.shtml
Cisco
https://software.cisco.com/download/home/268437899
ASUS
https://www.asus.com/microsite/2014/networks/routerfirmware_update/
Linksys
https://www.linksys.com/en/support/
TP-LINK
https://www.tp-link.com/en/support/download/
Belkin
https://www.belkin.com/support-center/
Below you will find some settings that can be made in different firewalls to improve the conditions for IP telephony.
Zyxel Zywall USG
Network / ALG / SIP Settings
[x] Enable SIP ALG
[ ] Enable SIP Transformations
[x] Enable Configure SIP Inactivity Timeout
SIP Media Inactivity Timeout: 120 (seconds)
SIP Signaling Inactivity Timeout: 1800 (seconds)
SIP Signaling Port:
5060
If the firewall uses firmware version 3.xx, you can check "Enable SIP Transformations".
If the firewall uses 3.30 and later, direct signaling should be activated. Connect to the firewall with telnet / ssh and run the following commands:
configure terminal alg sip direct-signalling no alg sip direct-media
Then it should look like this:
Router# show alg sip active: yes transformation: yes inactivity-timeout: yes direct-signalling: yes direct-media: no media inactivity timeout: 120 signaling inactivity timeout: 1800
Zyxel P660
Telnet into the modem (default: 1234)
If you get RAS> write:
ip nat service sip active 0
Otherwise, select 24 and then 8 in the menu to get a command interpreter and there you type as above: ip nat service sip active 0
Zyxel P-334
Telnet into the modem (default: 1234)
ip alg disable ALG_SIP
ip alg disable ALG_VoIP
Otherwise, select 24 and then 8 in the menu to get a command interpreter and there you type as above
However, this does not seem to get stuck in the router but the best thing is to replace it.
Intertex IX78
Turn off SIP support (Security settings, check box for sip, save permanently - restart)
Cisco RV042, RV082 m.fl
Update to latest firmware: http://software.cisco.com/download/release.html?mdfid=282414010&softwareid=282465789
More Cisco models are available here: http://software.cisco.com/download/navigator.html?mdfid=282413304
D-Link DIR655
If firmware version 2.07 or later hw B1.
Enable SPI: Enabled
UDP Endpoint Filtering: Address Restricted
TCP Endpoint Filtering: Port And Address Restricted
Anti-Spoof checking: Disabled
DMZ Host: Not used
Application Level Gateway (ALG) Configuration
PPTP: Enabled
IPSec (VPN): Enabled
RTSP: Enabled
SIP: Enabled
if earlier firmware.
Turn off SIP-ALG.
Advanced -> Firewall Setting
Uncheck "SIP" from the "Application Level Gateway".
If it does not make a difference, you can also check "Enable SPI" for troubleshooting purposes.
Linksys WRT54G
WRT54G(v5+) - Update to latest firmware
WRT54GS - Update to latest firmware
The following Linksys models have problems or do not work at all:
WRT54G (v4 och äldre) - Test by updating to the latest firmware
WRT54GL - Test by updating to the latest firmware
If it does not work after upgrade - Replace the router.
Cisco 800
To turn off SIP ALG, run the following commands:
no ip nat service sip tcp port 5060
no ip nat service sip udp port 5060
TP-LINK
Disable "Hardware NAT" for one-way communication problems and the like.
Netgear Prosafe SRX5308
Known error is that this firewall only lasts SIP session for a few minutes.
It has at times helped to upgrade the firmware to 4.3.2-7
Was this article helpful?
