Palo Alto Networks Certified Network Security Engineer (PCNSE) — Question 496

After implementing a new NGFW, a firewall engineer is alerted to a VoIP traffic issue. After troubleshooting, the engineer confirms that the firewall is alerting the voice packets payload.

What can the engineer do to solve the VoIP traffic issue?

Answer options

• A. Increase the TCP timeout under SIP application
• B. Disable ALG under SIP application
• C. Disable ALG under H.323 application
• D. Increase the TCP timeout under H.323 application

Correct answer: B

Explanation

Disabling ALG under the SIP application is the correct action because it allows the VoIP traffic to pass without interference from the firewall's application layer gateway, which can mistakenly flag or alter voice packets. The other options either do not address the issue directly or are related to different protocols that are not causing the current problem.