- I believe the secure firewall the ALG would need to traverse and be installed on is the ISP's device. That seems to be the source of the current issue.

- The SIP ALG is known to be vulnerable - see https://samy.pl/slipstream/