Alg Technical Reference - ZyXEL Communications 310 User Manual

Chapter 15 ALG

15.3 ALG Technical Reference

Here is more detailed information about the Application Layer Gateway.
ALG
Some applications cannot operate through NAT (are NAT un-friendly) because they embed IP
addresses and port numbers in their packets' data payload. The ZyWALL examines and uses IP
address and port number information embedded in the VoIP traffic's data stream. When a device
behind the ZyWALL uses an application for which the ZyWALL has VoIP pass through enabled, the
ZyWALL translates the device's private IP address inside the data stream to a public IP address. It
also records session port numbers and allows the related sessions to go through the firewall so the
application's traffic can come in from the WAN to the LAN.
ALG and Trunks
If you send your ALG-managed traffic through an interface trunk and all of the interfaces are set to
active, you can configure routing policies to specify which interface the ALG-managed traffic uses.
You could also have a trunk with one interface set to active and a second interface set to passive.
The ZyWALL does not automatically change ALG-managed connections to the second (passive)
interface when the active interface's connection goes down. When the active interface's connection
fails, the client needs to re-initialize the connection through the second interface (that was set to
passive) in order to have the connection go through the second interface. VoIP clients usually re-
register automatically at set intervals or the users can manually force them to re-register.
FTP
File Transfer Protocol (FTP) is an Internet file transfer service that operates on the Internet and over
TCP/IP networks. A system running the FTP server accepts commands from a system running an
FTP client. The service allows users to send commands to the server for uploading and downloading
files.
H.323
H.323 is a standard teleconferencing protocol suite that provides audio, data and video
conferencing. It allows for real-time point-to-point and multipoint communication between client
computers over a packet-based network that does not provide a guaranteed quality of service.
NetMeeting uses H.323.
SIP
The Session Initiation Protocol (SIP) is an application-layer control (signaling) protocol that handles
the setting up, altering and tearing down of voice and multimedia sessions over the Internet. SIP is
used in VoIP (Voice over IP), the sending of voice signals over the Internet Protocol.
SIP signaling is separate from the media for which it handles sessions. The media that is exchanged
during the session can use a different path from that of the signaling. SIP handles telephone calls
and can interface with traditional circuit-switched telephone networks.
238
ZyWALL 110/310/1100 Series User's Guide