[asterisk-users] Anyone used WatchGuard SIP ALG?

Tony Mountifield tony at softins.co.uk
Tue Apr 22 11:11:54 CDT 2014

In article <CAHE6+j3hb5d8mJfY69F73TVwZus9ZAQrDakt4+iW+tx58_uZ=g at mail.gmail.com>,
Ishfaq Malik <ish at pack-net.co.uk> wrote:
> On 22 April 2014 16:24, Tony Mountifield <tony at softins.co.uk> wrote:
> > Has anyone here used Asterisk inside a WatchGuard firewall, talking via
> > the WatchGuard SIP Application Layer Gateway to an outside SIP service?
> >
> > I have a customer doing just that, and I am 100% convinced there is a bug
> > in the ALG regarding the media port number it inserts into the SDP when
> > it rewrites it. However, either they or WatchGuard will not accept there
> > is a bug, despite my very detailed description of it.
> >
> > So if anyone else has any experience of using this product, I'd be very
> > interested to hear from you. Thanks!
> >
> Just about every SIP ALG (Watchguard included) makes things worse or simply
> not work.

Maybe, but that doesn't mean the concept is flawed. It should be possible
to do it correctly.

> Have you tried to simply disable it?

Yes, the customer has tried that, but since NAT is involved, the lack
of SDP rewriting means that the media streams do not get routed correctly.

But I am specifically looking for people with experience of this particular
product, rather than for general advice, as I am seeking support for my assertion
that it has a specific bug that the vendor needs to acknowledge and fix.

Tony Mountifield
Work: tony at softins.co.uk - http://www.softins.co.uk
Play: tony at mountifield.org - http://tony.mountifield.org

More information about the asterisk-users mailing list