ZyXEL Communications 5 Series User Manual
ZyWALL 5/35/70 Series User’s Guide
CHAPTER 30
ALG Screen
30.1 Overview
This chapter covers how to use the ZyWALL’s ALG feature to allow certain applications to
pass through the ZyWALL.
An Application Layer Gateway (ALG) manages a specific protocol (such as SIP, H.323 or
FTP) at the application layer. The ZyWALL can function as an ALG to allow certain
NAT un-friendly applications (such as SIP) to operate properly through the ZyWALL.
Some applications cannot operate through NAT (are NAT un-friendly) because they embed IP
addresses and port numbers in their packets’ data payload. The ZyWALL examines and uses
IP address and port number information embedded in the data stream. When a device behind
the ZyWALL uses an application for which the ZyWALL has ALG service enabled, the
ZyWALL translates the device’s private IP address inside the data stream to a public IP
address. It also records session port numbers and dynamically creates implicit NAT port
forwarding and firewall rules for the application’s traffic to come in from the WAN to the
LAN.
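The following Python sketch is an added illustration of the behavior described above for an active-mode FTP PORT command; it is not ZyXEL code and does not describe the ZyWALL's internal implementation. The class name FtpAlg, the addresses, the port range and the source-address check are assumptions made for the example.

```python
import ipaddress
import re

# PORT h1,h2,h3,h4,p1,p2 carries the client's IP address and data port as text.
PORT_RE = re.compile(rb"PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n")


class FtpAlg:
    """Hypothetical ALG model: rewrites the payload and records implicit rules."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip      # WAN address (constructed sample value)
        self.next_port = first_port     # next WAN port to hand out (assumed pool)
        self.pinholes = {}              # wan_port -> (lan_ip, lan_port)

    def outbound(self, line, src_ip):
        """Process one FTP control line going from the LAN to the WAN."""
        m = PORT_RE.fullmatch(line)
        if m is None:
            return line                 # not a PORT command: pass through unchanged
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            raise ValueError("malformed PORT argument")
        lan_ip = ".".join(str(n) for n in nums[:4])
        lan_port = nums[4] * 256 + nums[5]
        # Assumed hardening: only open a rule toward the host that sent the command.
        if ipaddress.ip_address(lan_ip) != ipaddress.ip_address(src_ip):
            raise ValueError("embedded address differs from packet source")
        wan_port, self.next_port = self.next_port, self.next_port + 1
        # Implicit NAT port forwarding + firewall rule: WAN port -> LAN host.
        self.pinholes[wan_port] = (lan_ip, lan_port)
        args = self.public_ip.split(".") + [str(wan_port // 256), str(wan_port % 256)]
        return b"PORT " + ",".join(args).encode() + b"\r\n"

    def inbound(self, wan_port):
        """Return the LAN target for a WAN-side connection, or None to drop it."""
        return self.pinholes.get(wan_port)


if __name__ == "__main__":
    alg = FtpAlg("203.0.113.10")
    # Constructed sample: LAN host 192.168.1.33 announces data port 50000.
    print(alg.outbound(b"PORT 192,168,1,33,195,80\r\n", "192.168.1.33"))
    print(alg.inbound(40000), alg.inbound(40001))
```

The implicit rule exists only for the port taken from the recorded session; a WAN connection to any other port finds no entry and is not forwarded.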
To configure the ALG screen proceed to
See
if you need to use the ALG for SIP, H.323 or
FTP traffic on custom ports.
30.1.1 What You Need to Know About ALG
ALG and NAT
The ZyWALL dynamically creates an implicit NAT session for the application’s traffic from
the WAN to the LAN.
The ALG on the ZyWALL supports all NAT mapping types, including One to One, Many to
One, Many to Many Overload and Many One to One.