Table of Contents
Advertisement
All manuals and user guides at all-guides.com
ALG Service Settings
Application Layer Gateway (ALG) is a special function of ZSR4134WE. In the
context of computer networking, an ALG or application layer gateway consists
of a security component that augments a firewall or NAT employed in a
computer network. It allows customized NAT traversal filters to be plugged into
the gateway to support address and port translation for certain application layer
"control/data" protocols such as FTP, BitTorrent, SIP, RTSP, file transfer
applications etc.
In order for these protocols to work through NAT or a firewall, either the
application has to know about an address/port number combination that allows
incoming packets, or the NAT has to monitor the control traffic and open up port
mappings (firewall pinhole) dynamically as required. Legitimate application
data can thus be passed through the security checks of the firewall or NAT that
would have otherwise restricted the traffic for not meeting its limited filter
criteria.
Usually allowing client applications to use dynamic ephemeral TCP/ UDP ports
to communicate with the known ports used by the server applications, even
though a firewall-configuration may allow only a limited number of known ports.
In the absence of an ALG, either the ports would get blocked or the network
administrator would need to explicitly open up a large number of ports in the
firewall; rendering the network vulnerable to attacks on those ports.
In default ALG settings, FTP/TFTP/PPTP/IPSEC/L2TP protocols are enabled. It is
recommended to keep the settings unchanged.
37
Advertisement
Table of Contents
