ALG; Chapter 21 ALG; ALG Introduction - ZyXEL Communications ZYWALL USG Series Reference Manual


This chapter covers how to use the ZyWALL / USG's ALG feature to allow certain applications to
pass through the ZyWALL / USG.

21.1 ALG Introduction

The ZyWALL / USG can function as an Application Layer Gateway (ALG) to allow certain
NAT-unfriendly applications (such as SIP) to operate properly through the ZyWALL / USG's NAT.

Some applications cannot operate through NAT (are NAT-unfriendly) because they embed IP
addresses and port numbers in their packets' data payload. The ZyWALL / USG examines and uses
IP address and port number information embedded in the VoIP traffic's data stream. When a device
behind the ZyWALL / USG uses an application for which the ZyWALL / USG has VoIP pass through
enabled, the ZyWALL / USG translates the device's private IP address inside the data stream to a
public IP address. It also records session port numbers and allows the related sessions to go
through the firewall so the application's traffic can come in from the WAN to the LAN.

The ZyWALL / USG only needs to use the ALG feature for traffic that goes through the ZyWALL /
USG's NAT. The firewall allows related sessions for VoIP applications that register with a server. The
firewall allows or blocks peer to peer VoIP traffic based on the firewall rules.

You do not need to use a TURN (Traversal Using Relay NAT) server for VoIP devices behind the
ZyWALL / USG when you enable the SIP ALG.
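
The payload rewriting and related-session tracking described above can be modelled on a single SIP INVITE. This is an added example, not ZyXEL code or the ZyWALL / USG's implementation: the function name `alg_rewrite`, the sample message and all addresses are constructed, and port translation is left out (ports are assumed to map one to one).

```python
import re

# Constructed sample: a SIP INVITE from a phone at 192.168.1.33 behind NAT.
SDP = ("v=0\r\n"
       "o=alice 1 1 IN IP4 192.168.1.33\r\n"
       "s=call\r\n"
       "c=IN IP4 192.168.1.33\r\n"
       "t=0 0\r\n"
       "m=audio 49170 RTP/AVP 0\r\n")
INVITE = ("INVITE sip:bob@example.com SIP/2.0\r\n"
          "Via: SIP/2.0/UDP 192.168.1.33:5060;branch=z9hG4bK776asdhds\r\n"
          "Contact: <sip:alice@192.168.1.33:5060>\r\n"
          "Content-Type: application/sdp\r\n"
          f"Content-Length: {len(SDP)}\r\n"
          "\r\n" + SDP)


def alg_rewrite(message, private_ip, public_ip):
    """Model of the ALG step: swap the embedded private address for the
    public one and list the media ports that need related-session pinholes."""
    head, _, body = message.partition("\r\n\r\n")
    # Match the address only as a whole token, so 192.168.1.3 never
    # matches inside 192.168.1.33.
    addr = re.compile(r"(?<![\d.])" + re.escape(private_ip) + r"(?![\d.])")
    head, body = addr.sub(public_ip, head), addr.sub(public_ip, body)
    # The body length may have changed, so Content-Length is recomputed;
    # a stale value would make the far end reject or truncate the SDP.
    head = re.sub(r"(?im)^(Content-Length:\s*)\d+",
                  lambda m: m.group(1) + str(len(body.encode())), head)
    # Each SDP m= line names a port the remote side will send media to.
    # These are the "session port numbers" the firewall must let in.
    pinholes = [(public_ip, int(port), media)
                for media, port in re.findall(r"(?m)^m=(\w+) (\d+) ", body)]
    return head + "\r\n\r\n" + body, pinholes


if __name__ == "__main__":
    rewritten, holes = alg_rewrite(INVITE, "192.168.1.33", "203.0.113.5")
    print(rewritten)
    print("pinholes to open from WAN:", holes)
```

The pinhole list is the part to review from a firewall-policy standpoint: every entry is inbound access the ALG grants on the strength of what the signalling payload says, outside the explicit rule set.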
ZyWALL / USG (ZLD) CLI Reference Guide