ZyXEL Communications ZyWALL 300 User Manual
ZyWALL USG 300 User’s Guide
CHAPTER 18
ALG
This chapter covers how to use the ZyWALL’s ALG feature to allow certain applications to
pass through the ZyWALL. See
for related information on these
screens.
18.1 ALG Introduction
The ZyWALL can function as an Application Layer Gateway (ALG) to allow certain NAT un-
friendly applications (such as SIP) to operate properly through the ZyWALL’s NAT.
Some applications cannot operate through NAT (are NAT un-friendly) because they embed IP
addresses and port numbers in their packets’ data payload. The ZyWALL examines and uses
IP address and port number information embedded in the VoIP traffic’s data stream. When a
device behind the ZyWALL uses an application for which the ZyWALL has VoIP pass
through enabled, the ZyWALL translates the device’s private IP address inside the data stream
to a public IP address. It also records session port numbers and allows the related sessions to
go through the firewall so the application’s traffic can come in from the WAN to the LAN.
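The payload translation described above, as an added example (not ZyXEL's code): a simplified Python model of one outbound SIP message passing through an ALG. The function name alg_rewrite, the addresses and the INVITE are constructed for illustration, and the model assumes media ports are kept unchanged.

```python
import re

# Constructed sample: INVITE from a LAN phone at 10.0.0.5 (not captured traffic).
SAMPLE_BODY = (
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 10.0.0.5\r\n"
    "s=-\r\n"
    "c=IN IP4 10.0.0.5\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)
SAMPLE_INVITE = (
    "INVITE sip:bob@example.net SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 10.0.0.5:5060;branch=z9hG4bK776\r\n"
    "From: <sip:alice@example.net>;tag=1928\r\n"
    "To: <sip:bob@example.net>\r\n"
    "Call-ID: a84b4c76e66710\r\n"
    "CSeq: 1 INVITE\r\n"
    "Contact: <sip:alice@10.0.0.5:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    f"Content-Length: {len(SAMPLE_BODY)}\r\n\r\n" + SAMPLE_BODY
)


def alg_rewrite(msg, private_ip, public_ip):
    """Model of one outbound pass: returns (rewritten message, pinholes)."""
    head, sep, body = msg.partition("\r\n\r\n")
    # Match the whole address only, so 10.0.0.5 never rewrites 10.0.0.55.
    addr = re.compile(r"(?<![\d.])" + re.escape(private_ip) + r"(?![\d.])")
    # Record each media port announced in the SDP: inbound traffic to
    # public_ip:port is the "related session" forwarded to private_ip:port.
    pinholes = [(m.group(1), public_ip, int(m.group(2)), private_ip)
                for m in re.finditer(r"^m=(\w+) (\d+) ", body, re.M)]
    new_body = addr.sub(public_ip, body)
    new_head = addr.sub(public_ip, head)
    # The address length changed, so the declared body length must be fixed too.
    new_head = re.sub(r"^(Content-Length:[ \t]*)\d+",
                      lambda m: m.group(1) + str(len(new_body.encode())),
                      new_head, flags=re.I | re.M)
    return new_head + sep + new_body, pinholes


if __name__ == "__main__":
    out, holes = alg_rewrite(SAMPLE_INVITE, "10.0.0.5", "203.0.113.10")
    print(out)
    print(holes)
```

The pinhole list is the part to review when auditing an ALG: each entry is an inbound path that exists only because a payload announced it, not because a firewall rule was written for it.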
The ZyWALL only needs to use the ALG feature for traffic that goes through the ZyWALL’s
NAT. The firewall allows related sessions. The firewall allows or blocks peer to peer traffic
based on the firewall rules.
You do not need to use STUN (Simple Traversal of User Datagram Protocol (UDP) through
Network Address Translators) for VoIP devices behind the ZyWALL when you enable the
SIP ALG.
18.1.1 Application Layer Gateway (ALG) and NAT
The ZyWALL dynamically creates an implicit NAT session for the application’s traffic from
the WAN to the LAN. The ALG on the ZyWALL supports all of the ZyWALL’s NAT
mapping types.
18.1.2 ALG and Trunks
If you send your ALG-managed traffic through an interface trunk and all of the interfaces are
set to active, you can configure routing policies to specify which interface the ALG-managed
traffic uses.