Comcast Business modem disable sip ALG?

[Tuly]

I have a new client that has Comcast Business Internet with static IP on their router,  and they're having major quality issues,  I called Comcast to request to disable sip ALG and turn off the firewall on the modem, but they say its not possible for them to do this, bla bla the modem doesn't support that feature, 

Anyone has experience with best practice on Comcast business modems?

[FASTDEVICE]

What model DOCSIS modem did Comcast deploy to the client's site? I have a number of clients on Comcast and they complain the least.  

[Logicwrath]

I have never had an issue around the Comcast SIP ALG, I did not even know they had one.  We have a lot of phones using Comcast without issues.  I will say that the first thing we do anytime we install phones or firewall is bridge the Comcast modem to our firewall device.  I think all the newer modems will allow you to bridge right from the web interface without calling Comcast.  If they are on an older modem you can call Comcast and have them bridge the modem for you.  When you bridge the modem the device gives your firewall a public IP via DHCP.  I suspect this would bypass any SIP ALG the device would have.

If you have a static IP then you already have a public IP address so this would not be helpful.  Are you sure the SIP ALG is even affecting your traffic on the public IP?  What issues are you even having?  If a SIP ALG is causing issues I would think that it would be generating one way audio since the function of the ALG is to rewrite packets with with different source or destination addresses and solve NAT issues.

I would first confirm that they are not maxing out the connection and I would also see if there is packet loss to the RTP media servers.  You may want to try using a different proxy.

[Tuly]

@Logicwrath is it possible to bridge a comcast modem even if i have static IP? Or will the bridge kill the static IP?

[Logicwrath]

You don't need to bridge if you already have a static IP.  I am not even convinced you have a SIP ALG or that it is affecting your calls.  Are you getting one way audio?

[Tuly]

Umm no not one way audio, but different interesting issues everyday,  calls are failing to connect a lot of times,  incoming calls are not ringing to the phone at different times,

 in the middle of a phone call there's dead air for about 5 Seconds multiple times during the day,  but when making a continuous ping there's no packet loss, 

[Logicwrath]

I suspect there is packet loss.  What kinds of handsets do you have installed?  If you are using Yealink you can logon to the web interface and click on Status, RTP Status and see if there was packet loss on the previous or current in progress call.  It will also give you the IP address of the RTP media server used in the last call so you can run tests against it for packet loss.

What are you even pinging?  I bet you are not pinging the media servers.  What proxy are you using?

[Logicwrath]

I think you can also get the media server from the call log detail in Smart PBX.

[Tuly]

Using the east proxy, i will ping today the media IPs and will see, i have GXP2160 phone

[Logicwrath]

Switch to the central proxy and see if the issues go away.

[FASTDEVICE]

My reason for asking the model number is I'm noticing some Comcast clients being asked to swap out their prior business class Netgear modem for an Xfinity labeled Cisco DPC3941B. While I haven't had any reported issues from the swap out, the Netgear over the years has been the least troublesome. There is a blacklist floating around the Internet of Comcast modems that have SIP related issues.  i.e. a poorly implemented ALG that can't be turned off etc.  

[Karl Stallknecht]

1 hour ago, Tuly said:

Umm no not one way audio, but different interesting issues everyday,  calls are failing to connect a lot of times,  incoming calls are not ringing to the phone at different times,

 in the middle of a phone call there's dead air for about 5 Seconds multiple times during the day,  but when making a continuous ping there's no packet loss, 

Incoming calls not ringing to certain phones at different times almost 100% sounds like SIP ALG.

Does the customer need a static IP? If not, I would 100% remove the Comcast modem/router combo unit and buy your own Arris cable modem and a separate router. We do this for all of our Comcast customers as we've had nightmares with the Comcast modem/router units. No matter the brand/model, they all cause issues for our customers even from just a web browsing perspective and not even VoIP related. When we remove the Comcast unit, everything gets better across the board. For customers that require static IPs, we will make them get a second Comcast account and have one for their computers and static IPs using the Comcast modem, and another for VoIP with an Arris modem. Works much better! Unfortunately Comcast is one of the few cable providers that requires you to use their modem if you have static IPs which is a huge pain. None of the other local cable providers require this. 

The new Verizon FiOS routers are notoriously bad with the "random phones not ringing" issue. Also major problems with BLF. Same thing...SIP ALG cannot be disabled in the newer models. The older models let you disable it though and the older models had zero issues. We always remove the newer models and replace them with something else. Luckily Verizon's ONT (equivalent of the cable modem) doesn't seem to have any issues, so we just run ethernet from the ONT to our own router that we put in, and all problems go away once we do this.

Crazy that FastDevice says his Comcast customers complain the least - Comcast is by far the worst provider for us here 😂

[safarov]

Yes, i can confirm Comcast have ALG and you cannot call SIP phone on standard port.
Please connect phone to 7000 port or use TLS

[fmateo05]

I was having same issue from my provider when using routers that does not allow disabling SIP-ALG. I am testing with raising up a VPS and set up VPN on it, then, after setting up VPN through  the my Wifi router (IPSec or L2TP, etc), the issue was gone. Of course this is when not using TLS

[Karl Stallknecht]

5 minutes ago, fmateo05 said:

I was having same issue from my provider when using routers that does not allow disabling SIP-ALG. I am testing with raising up a VPS and set up VPN on it, then, after setting up VPN through  the my Wifi router (IPSec or L2TP, etc), the issue was gone. Of course this is when not using TLS

Are you able to just use a different router?

[Logicwrath]

We have seen cases in the past where specific model cable modems from Comcast had issues.  I think they eventually fixed those issues through firmware upgrades.  At the time it was their technicolor models.  If you are not using a static IP address, consider buying your own modem and activating that.  I would always either use a static IP, bridge the modem, or purchase your own modem.

[fmateo05]

I have both  routers  from ISP without the capability of disable SIP-ALG. Because of that i am trying with VPN

[krzykat]

It's just incredible how someone thought SIP-ALG would solve problems and all these ISP roll it out - and it is the #1 Major problem with  businesses setting up VoIP on premise.

[fmateo05]

Nevermind... I did a workaround described here: