Hi,
Is there a formal Check Point document showing how to completely disable SIP inspection on both Gaia and Embedded Gaia appliances? Or something to completely confirm the status of SIP ALG?
From what was found, even from the community, in order to disable SIP inspection one needs to create a custom port for 5060 with match for any and include it in the rules. However, I need to make sure that the firewall is actually not doing SIP inspection.
Thanks in advance.
Can you share the doc you have, I want to make sure it is the correct one?
I was looking at this:
Specifically to this:
Apart from that we also did this sk:
To be honest, in my opinion there should be an official SK from Check Point on what needs to be done in order to disable SIP inspection on both Gaia and Embedded Gaia at this stage. There is also this sk:
which does not exactly specify.
Not getting this, what is missing in sk65072, in your opinion?
For example, embedded gaia gateways (running R80.20.x), R80.40 and R81 procedures
Fair enough.
The SK is describing procedures to disable SIP inspection for performance reasons. If this is your case, and you are running R80.40 or above, you do not need to disable it. If you still want to disable, it is the same procedure for all R8x, just follow the relevant section.
If your R80.20 SMB is centrally managed, the described changes will do too.
Now, let me ask, why do you need to disable it in the first place?
Hi Val,
SIP inspection needs to be disabled since there are intermittent issues with voice and we need to make sure it is not being done by Check Point. SIP headers will be modified directly by the PABX rather than the firewall.
FW does not modify SIP headers, but once again, follow the procedure mentioned in the above SK.
Also, and actually before you do that, why wouldn't you ask TAC to help you figure out the actual issue at hand?
I've already opened a case with TAC around 2 weeks ago, but given the reply I got I don't have high hopes, to be honest. I asked for SIP inspection and was pointed to HTTPS inspection 🙂 That's why I'm asking here; maybe someone has experienced such issues with SIP and overcome them.
Please PM me with your SR number
Thanks Val. Sent you pm.
Strangely enough, I do not see any message from you. Would you care to send your SR to vloukine@checkpoint.com?
Thanks Val. Sent it via email.
Quick question.
If predefined services are applied in any rule, but in a certain rule you applied your own defined services, would it work so?
It depends on the precise rules in your rulebase.
Refer to the following for a detailed explanation of how rulebase matching works: https://community.checkpoint.com/t5/Management/Unified-Policy-Column-based-Rule-Matching/m-p/9888#M1...
Basically, if multiple rules potentially match the same source/destination/service, where service is the specific TCP/UDP ports involved, then you might have issues if you're trying to avoid certain protocol handlers like SIP.
If you want to ensure that a certain protocol handler isn't used, then focused rules (possibly using inline layers) are key.
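The overlap check described in the reply above, as an added example that is not part of the original thread and is not Check Point tooling. It uses a simplified, hypothetical rule model; the field names, service names and addresses are constructed, and it only reports which rules could match the same flow, not which one the gateway selects.

```python
from ipaddress import ip_network

# Constructed rulebase in a simplified, hypothetical model (not a Check Point
# export format). handler=None means a plain port match with no protocol handler.
SIP_SVC = {"name": "sip_with_handler", "proto": "udp",
           "ports": (5060, 5060), "handler": "SIP"}
CUSTOM_SVC = {"name": "udp5060_custom", "proto": "udp",
              "ports": (5060, 5060), "handler": None}
DNS_SVC = {"name": "dns_udp", "proto": "udp",
           "ports": (53, 53), "handler": None}

RULES = [
    {"no": 1, "src": "10.10.0.0/16", "dst": "0.0.0.0/0", "svc": SIP_SVC},
    {"no": 2, "src": "10.10.20.0/24", "dst": "198.51.100.10/32", "svc": CUSTOM_SVC},
    {"no": 3, "src": "10.10.30.0/24", "dst": "0.0.0.0/0", "svc": SIP_SVC},
    {"no": 4, "src": "0.0.0.0/0", "dst": "0.0.0.0/0", "svc": DNS_SVC},
]


def could_match(rule, src, dst, proto, port):
    """True if the rule's source, destination and service overlap the flow."""
    svc = rule["svc"]
    low, high = svc["ports"]
    return (ip_network(rule["src"]).overlaps(ip_network(src))
            and ip_network(rule["dst"]).overlaps(ip_network(dst))
            and svc["proto"] == proto
            and low <= port <= high)


def audit_handler(rules, src, dst, proto="udp", port=5060, handler="SIP"):
    """Split the rules that could match a flow into handler-bearing and plain."""
    hits = [r for r in rules if could_match(r, src, dst, proto, port)]
    return {
        "with_handler": [r["no"] for r in hits if r["svc"]["handler"] == handler],
        "plain": [r["no"] for r in hits if r["svc"]["handler"] is None],
    }


if __name__ == "__main__":
    # PBX subnet to SIP trunk (constructed addresses): rule 2 is the focused
    # custom-service rule, but rule 1 overlaps it and still carries the handler.
    print(audit_handler(RULES, "10.10.20.0/24", "198.51.100.10/32"))
```

A non-empty `with_handler` list for the voice flow means a broader rule still references a handler-bearing service for the same traffic, which is the situation the reply says to avoid with focused rules.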
Could you please elaborate? Which particular community recommendations are you trying to follow?