Nat – Do you need to enable ALG features in order to NAT H323 traffic on a Juniper firewall


Can you NAT H323 traffic if ALG features are disabled (ultimately disabled H323 traffic inspection capabilities), or is that feature required in order to NAT such traffic?

Best Answer

No, it isn't necessary. In fact, I had to disable it last year to get some Polycom HDX units to work properly over NAT. It makes it a little more work IMO since you need to open up additional high ports, but still. It is recommended though to keep it on unless you experience issues such as in the KB article below. Or the alternative is to open up the actual ports used by your H323 traffic (not using the built-in H323 service but by creating a custom service with the high ports open as well as necessary).

There's actually a Juniper KB article that describes it:

http://kb.juniper.net/InfoCenter/index?page=content&id=KB7407&actp=search&viewlocale=en_US&searchid=1379081132614

Summary: SIP, H.323, RTSP connections not working and Trust Interface is configured in NAT mode (interface-based NAT)

Problem or Goal:

Environment:

SIP
H.323
RTSP

Any applications that use SIP, H.323, or RTSP will not work properly if Interface Based NAT is configured. The ALG will not translate the IP properly in the payload.

Solution:

These VoIP applications will only properly function when using policy based NAT. This also affects IPSec VPNs.

To resolve this issue, it is strongly recommended that policy-based NAT (Source Network Address Translation within the policy) is used on the policies that the SIP, H.323 and RTSP traffic passes through. Typically, when policy-based NAT is used, the Trust or Source Interface is changed to Route mode, and all policies (that are required to be NAT'd) are configured to use policy-based NAT. However, it is okay that the Trust or Source Interface still remains in NAT mode, as long as the SIP and H.323 traffic passes through a policy with NAT enabled on the policy.
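An added configuration sketch in ScreenOS CLI syntax (not from the answer or the KB article) showing the interface-based NAT setup the KB says breaks the ALG, the policy-based NAT form it recommends, and the ALG-off variant with a custom service that the answer describes. Interface names, addresses, policy ids and the high port range are assumptions; verify the exact commands against your ScreenOS release.

```screenos
## 1. Interface-based NAT (the KB's problem case, assumed layout)
## The ALG cannot rewrite the addresses inside the H.323 payload here.
set interface ethernet1 zone trust
set interface ethernet1 ip 192.168.1.1/24
set interface ethernet1 nat
set policy id 10 from trust to untrust any any H.323 permit

## 2. Policy-based NAT (the KB's recommended fix)
## Trust interface in route mode; the policy itself performs source NAT,
## so the H.323 ALG sees the translation and fixes up the signalling payload.
set interface ethernet1 route
set policy id 10 from trust to untrust any any H.323 nat src permit

## 3. ALG disabled, as in the answer: translate at the policy and open the
## ports H.323 actually uses with a custom service instead of the built-in one.
## Port ranges below are assumptions; narrow them to what your endpoints use.
unset alg h323 enable
set service H323-custom protocol tcp src-port 0-65535 dst-port 1720-1720
set service H323-custom + udp src-port 0-65535 dst-port 1719-1719
set service H323-custom + tcp src-port 0-65535 dst-port 1024-65535
set service H323-custom + udp src-port 0-65535 dst-port 1024-65535
set policy id 10 from trust to untrust any any H323-custom nat src permit
```

Variant 3 trades payload inspection for a much wider open port range, which is why the answer recommends keeping the ALG on unless it is actually causing the failure in the KB.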