Any SIP Application Layer Gateway on your network must be disabled in your firewall, as it will always break SIP, which the phones use as their signaling protocol.

Many routers and firewalls have SIP-specific settings that manipulate how SIP traffic is handled, with the intent to help alleviate traditional issues that applications with specific addressing requirements like SIP have with NAT traversal. This function can have different names (SIP ALG, SIP Helper, SIP Inspection, SIP Transformations, etc.), but ultimately, they all perform a similar function — identifying SIP packets and manipulating them.

If your firewall/router does not have an option to disable SIP ALG, that does not mean that it is not running; it just means you cannot disable it. The only way to truly confirm if it is enabled or not would be to contact the vendor and have them verify if a SIP Application Layer Gateway is running on the device. If it is running, ask them how that can be disabled. If it can’t be disabled, that device cannot be used with our platform (or any other hosted VoIP system for that matter).