Sip Alg - ZyXEL Communications ZyWall 110 User Manual
Security firewalls
Hide thumbs
Also See for ZyWall 110:
- User manual (1090 pages) ,
- Handbook (749 pages) ,
- Handbook & instructions (255 pages)
Table of Contents
Advertisement
FTP ALG
The FTP ALG allows TCP packets with a specified port destination to pass through. If the FTP server
is located on the LAN, you must also configure NAT (port forwarding) and security policies if you
want to allow access to the server from the WAN. Bandwidth management can be applied to FTP
ALG traffic.
H.323 ALG
• The H.323 ALG supports peer-to-peer H.323 calls.
• The H.323 ALG handles H.323 calls that go through NAT or that the ZyWALL/USG routes. You can
also make other H.323 calls that do not go through NAT or routing. Examples would be calls
between LAN IP addresses that are on the same subnet.
• The H.323 ALG allows calls to go out through NAT. For example, you could make a call from a
private IP address on the LAN to a peer device on the WAN.
• The H.323 ALG operates on TCP packets with a specified port destination.
• Bandwidth management can be applied to H.323 ALG traffic.
• The ZyWALL/USG allows H.323 audio connections.
• The ZyWALL/USG can also apply bandwidth management to traffic that goes through the H.323
ALG.
The following example shows H.323 signaling (1) and audio (2) sessions between H.323 devices A
and B.
Figure 207 H.323 ALG Example
SIP ALG
• SIP phones can be in any zone (including LAN, DMZ, WAN), and the SIP server and SIP clients
can be in the same network or different networks. The SIP server cannot be on the LAN. It must
be on the WAN or the DMZ.
• There should be only one SIP server (total) on the ZyWALL/USG's private networks. Any other
SIP servers must be on the WAN. So for example you could have a Back-to-Back User Agent such
as the IPPBX x6004 or an asterisk PBX on the DMZ or on the LAN but not on both.
• Using the SIP ALG allows you to use bandwidth management on SIP traffic. Bandwidth
management can be applied to FTP ALG traffic. Use the option in the Configuration > BWM
screen to configure the highest bandwidth available for SIP traffic.
• The SIP ALG handles SIP calls that go through NAT or that the ZyWALL/USG routes. You can also
make other SIP calls that do not go through NAT or routing. Examples would be calls between
LAN IP addresses that are on the same subnet.
• The SIP ALG supports peer-to-peer SIP calls. The security policy (by default) allows peer to peer
calls from the LAN zone to go to the WAN zone and blocks peer to peer calls from the WAN zone
to the LAN zone.
• The SIP ALG allows UDP packets with a specified port destination to pass through.
Chapter 14 ALG
ZyWALL/USG Series User's Guide
304
- Quick Links:
- Web Configurator
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
