Is SIP ALG broken on ZyWall VPN 300?

M_Hillerström
M_Hillerström Posts: 4
First Comment
edited April 2021 in Security

Hi,

Contrary to all recommendations, I have experienced, that I must activate SIP ALG in order to have my phones working behind our ZyXEL VPN 300. However, whenever I switch the ZyXEL off and turn it back on the phones will not work until I've manually disabled SIP ALG (+ Apply) followed by enabling SIP ALG (+ Apply). Why is this? Can I flick a switch somewhere to correct this bad behavior?

/Michael

All Replies

  • Firmware version 10.02(ABFC.3)

  • PeterUK
    PeterUK Posts: 2,655  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer

    That would seem to be a bug when its not applying on boot up even if checked Proxy arp had the same problem but thats fixed.

    Someone from ZyXEL will sure pick this up and give you a fix.

    Its best if you can keep the ZyXEL VPN 300 on unless you have a good reason for turning it off?

  • Thanks, I certainly intend to keep it running but I'm not at work 24/7 and some problems have in fact an easy and quick fix by restarting the edge device. Luckily, this is very rare though. But, should a situation arise and the device is restarted, then the phones will not work without further intervention which is not something I would like a non-technical person fiddling with...

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,278  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @M_Hillerström,

    SIP ALG and SIP Transformations are working properly after VPN300 reboots.

    Here are the test result for your reference.

    Firmware: V10.02(ABFC.3)

    SIP Server----Internet----(wan)VPN300(lan)-----PC1(192.168.1.33) and PC2(192.168.2.33)


    Can you share your configuration file of VPN300, topology and packet capture of wan interface of VPN300 (before & after reboot) with us to check the symptom?

    Before VPN300 reboots

    After VPN300 reboots


  • Hi Zyxel_Emily,

    Sure, I will do this as soon as possible. This time of the year any downtime is not welcome, so I will have to wait to mid January. ok?

    I don't recall seeing any screens like your packet capture example above. Frankly, I am new to ZyXEL philosophy, so I need you to be more specific about your needs and how you want me to obtain the wanted data.

    Seasons greetings,

    Michael

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,278  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @M_Hillerström,

    To clarify the issue, can you describe more about the symptom?

    For example, what is the symptom that "the phones will not work" after VPN300 reboots?

    Are phones in LAN able to register to the SIP server after VPN300 reboots?

    If phones are able to register to SIP server, is the call able to be established?


    Then capture packet on the interface of lan and wan before you disable/enable SIP ALG (+ Apply) and after you disable/enable SIP ALG (+ Apply).


Security Highlight