Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 425

After implementing a new NGFW, a firewall engineer sees a VoIP traffic issue going through the firewall. After troubleshooting, the engineer finds that the firewall performs NAT on the voice packets payload and opens dynamic pinholes for media ports.

What can the engineer do to solve the VoIP traffic issue?

Answer options

• A. Disable ALG under H.323 application
• B. Increase the TCP timeout under H.323 application
• C. Increase the TCP timeout under SIP application
• D. Disable ALG under SIP application

Correct answer: D

Explanation

Disabling ALG under the SIP application is the correct solution because SIP ALG can interfere with VoIP signaling and media streams, causing issues. The other options either pertain to different protocols or simply adjust timeouts, which do not directly address the problems caused by SIP ALG.