Enabling or disabling transformation is mainly determined by where the servers are located, and by where the endpoints, communication devices, or located.
Enable transformations if the server, PBX or Proxy, is on the internet, and the devices are behind the firewall.
Disable transformations if the server and endpoints are behind the firewall, and the PBX talks to the outside world, VoIP provider. Using enhanced firmware: create the needed address objects, NAT policies, and access rule(s) for the server. It maybe necessary to create an outbound rule for the registration port to adjust the UDP timeout value from the default of thirty seconds from the PBX LAN address to WAN. The adjusted timeout should be 120 seconds more than the registration timeout configured on the server. Service groups will reduce the amount of rules needed. If behind a firewall using standard firmware follow the normal rules creation for all ports needed allowing access to the internal address. Standard does not have the option to adjust UDP timeout. Transformation enabled may work, depending on the vendor's implementation of the RFC.
Disable transformations if the communication is only through VPN tunnels.
If the configuration is a mesh of VPN communication, and public sip providers, disable transformations on the remote, and configure accordingly on the main site. If provider has different requirements.
Often when disabling or enabling a transformation option requires a reboot of the firewall.