ALGs Current text: A NAT MUST have the capability to turn off individually all ALGs it supports, except for DNS and IPsec (REQ-10) Any NAT ALG for SIP MUST be turned off by default (REQ-10a) Mailing list discussion consensus text for next version: If a NAT includes ALGs, all of those ALGs MUST be disabled by default. (REQ-10) If a NAT includes ALGs, it is RECOMMENDED that the NAT allow the user to enable or disable each ALG separately. (REQ-10a) IPsec is not relevant to UDP Stronger stance against ALGs being “off” by default |