How to verify that my opnsense setup not vulnerable to NAT Slipstreaming 2.0 attack (https://www.securityweek.com/nat-slipstreaming-20-exposes-devices-internal-networks-remote-attacks)?
Where are ALG settings?
Today i aksed me the same question - i found a reply here
https://forum.opnsense.org/index.php?topic=21998.msg104097#msg104097
There is not Sip ALG or other ALG.
If found this one too
https://www.reddit.com/r/PFSENSE/comments/jng0dw/has_anyone_else_seen_the_new_nat_slipstream/
and one other reddit posting - saying more ore less opensense does not use any ALG
Not sure if this information can help you.
I read that modern Browser (with new patches) try to reduce the risc related to H323 and WebRTC for NAT Slipstreaming, too