Try Out the New 3CX SIP ALG – Firewall Check
With the beta of version 15.5 SP1 the firewall checker has been extended to check if the firewall executes SIP ALG or not. This feature will be helpful to every user implementing 3CX while using SIP Trunks and remote (STUN) IP phones. It ensures that SIP ALG is not present or switched off in order to have untempered message exchange with the endpoint.
This feature is especially helpful for all partners not maintaining their customers’ networks but rely on correct setup of the firewall.
I would like to invite all users which can control their firewall devices to run the test, by switching on SIP ALG in their firewall and then run it again with it switched off. The more firewalls tested the more helpful it is for users as it gives them confidence in the setup of the firewall and strengthens their standpoint with 3rd party network implementors.
Currently we have validated the detection with the following firewalls:
- Cisco ASA 5505
We would like to add more to the list and require your participation.
The firewall checker for “detecting SIP ALG” returns 3 results:
- Not detected
Is reported when 3CX reaches the SIP ALG checking server and the content sent and received is matches without alteration of its content. The test is marked as “Passed”.
Is reported when 3CX was not able to connect to the SIP ALG checking server. Possible reasons could be a blocked connection or due to SIP ALG handlers manipulation of the content in such a manner that it is not understood any more by the server. The test is marked as “Failed”.
- Detected (Values)
Is reported when 3CX was able to connect to the SIP ALG checking server but the content seen by the server was altered compared to what was generated by 3CX. The values shown are a CRC32 checksums from what it should have been to what has is seen by the server side and vice versa. The test is marked as “Failed”.
I am thanking you for taking the time to participate in testing the new SIP ALG and look forward to receiving your feedback.