ZyXEL Communications 100 Series User Manual
Chapter 18 ALG
ZyWALL USG 100/200 Series User’s Guide
330
18.3 ALG Technical Reference
Here is more detailed information about the Application Layer Gateway.
ALG
Some applications cannot operate through NAT (are NAT un-friendly) because they embed IP
addresses and port numbers in their packets’ data payload. The ZyWALL examines and uses
IP address and port number information embedded in the VoIP traffic’s data stream. When a
device behind the ZyWALL uses an application for which the ZyWALL has VoIP pass
through enabled, the ZyWALL translates the device’s private IP address inside the data stream
to a public IP address. It also records session port numbers and allows the related sessions to
go through the firewall so the application’s traffic can come in from the WAN to the LAN.
addresses and port numbers in their packets’ data payload. The ZyWALL examines and uses
IP address and port number information embedded in the VoIP traffic’s data stream. When a
device behind the ZyWALL uses an application for which the ZyWALL has VoIP pass
through enabled, the ZyWALL translates the device’s private IP address inside the data stream
to a public IP address. It also records session port numbers and allows the related sessions to
go through the firewall so the application’s traffic can come in from the WAN to the LAN.
ALG and Trunks
If you send your ALG-managed traffic through an interface trunk and all of the interfaces are
set to active, you can configure routing policies to specify which interface the ALG-managed
traffic uses.
set to active, you can configure routing policies to specify which interface the ALG-managed
traffic uses.
You could also have a trunk with one interface set to active and a second interface set to
passive. The ZyWALL does not automatically change ALG-managed connections to the
second (passive) interface when the active interface’s connection goes down. When the active
interface’s connection fails, the client needs to re-initialize the connection through the second
interface (that was set to passive) in order to have the connection go through the second
interface. VoIP clients usually re-register automatically at set intervals or the users can
manually force them to re-register.
passive. The ZyWALL does not automatically change ALG-managed connections to the
second (passive) interface when the active interface’s connection goes down. When the active
interface’s connection fails, the client needs to re-initialize the connection through the second
interface (that was set to passive) in order to have the connection go through the second
interface. VoIP clients usually re-register automatically at set intervals or the users can
manually force them to re-register.
FTP
File Transfer Protocol (FTP) is an Internet file transfer service that operates on the Internet and
over TCP/IP networks. A system running the FTP server accepts commands from a system
running an FTP client. The service allows users to send commands to the server for uploading
and downloading files.
over TCP/IP networks. A system running the FTP server accepts commands from a system
running an FTP client. The service allows users to send commands to the server for uploading
and downloading files.
Enable FTP
Transformations
Transformations
Turn on the FTP ALG to allow FTP sessions to pass through the ZyWALL. FTP (File
Transfer Program) enables fast transfer of files, including large files that may not be
possible by e-mail.
Using the FTP ALG allows you to use bandwidth management on FTP traffic.
Transfer Program) enables fast transfer of files, including large files that may not be
possible by e-mail.
Using the FTP ALG allows you to use bandwidth management on FTP traffic.
FTP Signaling
Port
Port
If you are using a custom TCP port number (not 21) for FTP traffic, enter it here.
Additional FTP
Signaling port
for
transformations
Signaling port
for
transformations
If you are also using FTP on an additional TCP port number, enter it here.
Apply
Click Apply to
save your changes back to the ZyWALL.
Reset
Click Reset to begin configuring this screen afresh.
Table 108 Network > ALG (continued)
LABEL
DESCRIPTION