What You Need To Know - ZyXEL Communications ZYWALL USG 20 Manual

Chapter 19 ALG

19.1.2 What You Need to Know

Application Layer Gateway (ALG), NAT and Firewall
The ZyWALL can function as an Application Layer Gateway (ALG) to allow certain
NAT un-friendly applications (such as SIP) to operate properly through the
ZyWALL's NAT and firewall. The ZyWALL dynamically creates an implicit NAT
session and firewall session for the application's traffic from the WAN to the LAN.
The ALG on the ZyWALL supports all of the ZyWALL's NAT mapping types.
FTP ALG
The FTP ALG allows TCP packets with a specified port destination to pass through.
If the FTP server is located on the LAN, you must also configure NAT (port
forwarding) and firewall rules if you want to allow access to the server from the
WAN.
H.323 ALG
• The H.323 ALG supports peer-to-peer H.323 calls.
• The H.323 ALG handles H.323 calls that go through NAT or that the ZyWALL
routes. You can also make other H.323 calls that do not go through NAT or
routing. Examples would be calls between LAN IP addresses that are on the
same subnet.
• The H.323 ALG allows calls to go out through NAT. For example, you could make
a call from a private IP address on the LAN to a peer device on the WAN.
• The H.323 ALG operates on TCP packets with a specified port destination.
• The ZyWALL allows H.323 audio connections.
• The ZyWALL can also apply bandwidth management to traffic that goes through
the H.323 ALG.
The following example shows H.323 signaling (1) and audio (2) sessions between
H.323 devices A and B.
Figure 212 H.323 ALG Example
SIP ALG
• SIP phones can be in any zone (including LAN, DMZ, WAN), and the SIP server
and SIP clients can be in the same network or different networks.
352
ZyWALL USG 20/20W User's Guide