One Way Audio Issues and STUN
-
@jaredbusch said in One Way Audio Issues and STUN:
The problem with ALG is that, if I understand how it was originally designed, it is basically a MitM on SIP traffic.
That's my understanding of it, and how it is implemented. Had no idea there was a standard for that mess.
-
I've never turned on ALG. I caught this because I have a catchall proxy at the end of my policies for outgoing TCP/UDP/DNS that might have slipped through my other policies. It makes sure that everything is scanned and IPS hopefully catches what I may have missed.
-
I don't like the stock, out of the box -- Allow All to Any
Edit: Outgoing: Allow All to Any
-
@scotth said in One Way Audio Issues and STUN:
I've never turned on ALG.
On by default, have to manually turn it off.
-
@scottalanmiller said in One Way Audio Issues and STUN:
@scotth said in One Way Audio Issues and STUN:
I've never turned on ALG.
On by default, have to manually turn it off.
Not in the Watchguards that I use
-
@scotth said in One Way Audio Issues and STUN:
@scottalanmiller said in One Way Audio Issues and STUN:
@scotth said in One Way Audio Issues and STUN:
I've never turned on ALG.
On by default, have to manually turn it off.
Not in the Watchguards that I use
We're discussing Ubiquiti here. That's what the OP is using.
-
Apologies
-
@scotth said in One Way Audio Issues and STUN:
Apologies
Although nice that WG doesn't turn it on by default, most systems do. Such a bad idea.
-
@scottalanmiller said in One Way Audio Issues and STUN:
@scotth said in One Way Audio Issues and STUN:
Apologies
Although nice that WG doesn't turn it on by default, most systems do. Such a bad idea.
I'd have to dig, but I'm fairly sure that I saw a notification in one of the release notes for an update that it was to be left off unless you had a VOIP / SIP vendor who specifically required it.
-
@scotth very few, if any, tell you to turn it on. I could see maybe a scenario if the SIP provider provided you the equipment, then sure, if they want it turned on, cool, since they may have certified it. But in general I think the problem is whatever ALG is doing messes with the firewall, and I think basically the traffic is getting probed and flagged!
-
I want to go find the programmer who created ALG and throw him in a cage of lions!
#frustrated!