Palo Alto Networks (PANW) Certified Network Security Administrator (PCNSA) Practice Exam

What must be done to disable the Application Level Gateway (ALG) feature for a SIP phone system being integrated into a firewall?

• A. Enable SIP ALG in the global settings
• B. Create an Application Override policy for the specific traffic
• C. Reconfigure the firewall to allow all traffic
• D. Deactivate VoIP traffic filtering in settings

The correct answer is: Create an Application Override policy for the specific traffic

Disabling the Application Level Gateway (ALG) feature for a SIP phone system can be effectively achieved by creating an Application Override policy for the specific traffic. When implementing an Application Override policy, you instruct the firewall to treat traffic differently by allowing the SIP communications to bypass the default behavior of the ALG. This is crucial for SIP traffic because the ALG can interfere with the successful establishment of SIP sessions, particularly due to its tendency to modify packets and data streams. By using Application Override, you ensure that the firewall processes the SIP packets without ALG interference, allowing the SIP endpoints to communicate correctly. This is especially important for VoIP applications where signaling and media traffic must traverse the network unaltered to maintain call quality and connection stability. It's essential to note that the other options do not achieve the same objective or could adversely affect the security and performance of the network. For example, enabling SIP ALG or deactivating VoIP traffic filtering in settings could leave the system vulnerable or create unwanted changes in traffic handling. Reconfiguring the firewall to allow all traffic may compromise the security posture by removing important filtering and monitoring capabilities. Therefore, creating an Application Override policy is the most precise and secure method to disable SIP ALG for a specific traffic flow.