What You Need To Know About ALG; Figure 234 H.323 ALG Example - ZyXEL Communications ZyWALL USG 100 Series User Manual

Unified security gateway

Chapter 18 ALG

18.1.2 What You Need to Know About ALG

Application Layer Gateway (ALG), NAT and Firewall
The ZyWALL can function as an Application Layer Gateway (ALG) to allow certain
NAT-unfriendly applications (such as SIP) to operate properly through the ZyWALL's NAT and
firewall. The ZyWALL dynamically creates an implicit NAT session and firewall session for
the application's traffic from the WAN to the LAN. The ALG on the ZyWALL supports all of
the ZyWALL's NAT mapping types.
FTP ALG
The FTP ALG allows TCP packets with a specified destination port to pass through. If the FTP
server is located on the LAN, you must also configure NAT port forwarding and firewall rules
if you want to allow access to the server from the WAN.
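As an added illustration (not ZyXEL's code and not taken from this manual), the Python sketch below models how an FTP ALG in general turns a control-channel PORT command from a LAN client into an implicit NAT session and firewall session for the returning WAN-to-LAN data connection. The class and method names, the sample addresses and the validation policy are assumptions made for the example.

```python
import re
from dataclasses import dataclass

WAN_IP = "203.0.113.10"   # constructed sample address (documentation range)

# PORT h1,h2,h3,h4,p1,p2 as sent on the FTP control channel
PORT_RE = re.compile(rb"PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n",
                     re.IGNORECASE)

@dataclass(frozen=True)
class Pinhole:
    """One implicit NAT + firewall session for an expected WAN-to-LAN connection."""
    remote_ip: str   # only this WAN peer may use the pinhole
    wan_port: int    # port exposed on the gateway's WAN address
    lan_ip: str
    lan_port: int

class FtpAlg:
    """Hypothetical model of an FTP ALG; not the ZyWALL implementation."""
    def __init__(self, wan_ip, first_port=50000):
        self.wan_ip = wan_ip
        self.next_port = first_port
        self.pinholes = {}   # (remote_ip, wan_port) -> Pinhole

    def outbound_control(self, src_ip, dst_ip, payload):
        """Inspect one LAN-to-WAN control line; return the bytes to forward, or None to drop."""
        m = PORT_RE.fullmatch(payload)
        if not m:
            return payload                    # not a PORT command: forward untouched
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            return None                       # malformed octet: drop
        lan_ip = ".".join(map(str, nums[:4]))
        lan_port = nums[4] * 256 + nums[5]
        # Assumed policy: open a pinhole only to the host that asked for it,
        # and never to a privileged port.
        if lan_ip != src_ip or lan_port < 1024:
            return None
        wan_port = self.next_port
        self.next_port += 1
        self.pinholes[(dst_ip, wan_port)] = Pinhole(dst_ip, wan_port, lan_ip, lan_port)
        addr = self.wan_ip.replace(".", ",")
        return f"PORT {addr},{wan_port >> 8},{wan_port & 0xFF}\r\n".encode()

    def inbound_syn(self, src_ip, dst_port):
        """Return the LAN (ip, port) to forward to, or None to drop; pinholes are single-use."""
        hole = self.pinholes.pop((src_ip, dst_port), None)
        return (hole.lan_ip, hole.lan_port) if hole else None
```

The pinhole exists only because the ALG parsed the application payload, which is why the sketch validates the embedded address and port before creating it.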
H.323 ALG
• The H.323 ALG supports peer-to-peer H.323 calls.
• The H.323 ALG handles H.323 calls that go through NAT or that the ZyWALL routes.
You can also make other H.323 calls that do not go through NAT or routing. Examples
would be calls between LAN IP addresses that are on the same subnet.
• The H.323 ALG allows calls to go out through NAT. For example, you could make a call
from a private IP address on the LAN to a peer device on the WAN.
• The H.323 ALG operates on TCP packets with a specified destination port.
• The ZyWALL allows H.323 audio connections.
• The ZyWALL can also apply bandwidth management to traffic that goes through the
H.323 ALG.
The following example shows H.323 signaling (1) and audio (2) sessions between H.323
devices A and B.

Figure 234 H.323 ALG Example

SIP ALG
• SIP clients can be connected to the LAN or DMZ. A SIP server must be on the WAN.
• Using the SIP ALG allows you to use bandwidth management on SIP traffic.
• The SIP ALG handles SIP calls that go through NAT or that the ZyWALL routes. You can
also make other SIP calls that do not go through NAT or routing. Examples would be calls
between LAN IP addresses that are on the same subnet.
• The SIP ALG supports peer-to-peer SIP calls. The firewall (by default) allows peer-to-peer
calls from the LAN zone to go to the WAN zone and blocks peer-to-peer calls from the
WAN zone to the LAN zone.
ZyWALL USG 100/200 Series User's Guide
