Deploying an ALG - D-Link NetDefendOS User Manual

Network security firewall

ALGs Are Not State Synchronized
No aspect of ALGs is state synchronized in a NetDefendOS high availability cluster.
This means that all traffic handled by ALGs will freeze when a cluster fails over to the
other peer. However, if the cluster fails back over to the original peer within
approximately half a minute, frozen sessions (and their associated transfers) should
begin working again. Note that such a failover with almost immediate fallback occurs
each time a new configuration is uploaded.
Maximum Connection Sessions
The service associated with an ALG has a configurable parameter called Max Sessions, and its
default value varies according to the type of ALG. For instance, the default value
for the HTTP ALG is 1000. This means that 1000 connections are allowed in total for the HTTP
service across all interfaces. The full list of default maximum session values is:
HTTP ALG - 1000 sessions.
FTP ALG - 200 sessions.
TFTP ALG - 200 sessions.
SMTP ALG - 200 sessions.
POP3 ALG - 200 sessions.
H.323 ALG - 100 sessions.
SIP ALG - 200 sessions.
Tip: Maximum sessions for HTTP can sometimes be too low
This default value of the maximum sessions can often be too low for HTTP if there are
Figure 6.1. Deploying an ALG
Chapter 6: Security Mechanisms
