ZyXEL 2WG User Guide

ZyWALL 2WG User’s Guide
CHAPTER 25
ALG Screen
25.1  Overview
This chapter covers how to use the ZyWALL’s ALG feature to allow certain applications to 
pass through the ZyWALL.
An Application Layer Gateway (ALG) manages a specific protocol (such as SIP, H.323 or 
FTP) at the application layer. The ZyWALL can function as an ALG to allow certain 
NAT un-friendly applications (such as SIP) to operate properly through the ZyWALL. 
Some applications cannot operate through NAT (are NAT un-friendly) because they embed IP 
addresses and port numbers in their packets’ data payload. The ZyWALL examines and uses 
IP address and port number information embedded in the data stream. When a device behind 
the ZyWALL uses an application for which the ZyWALL has ALG service enabled, the 
ZyWALL translates the device’s private IP address inside the data stream to a public IP 
address. It also records session port numbers and dynamically creates implicit NAT port 
forwarding and firewall rules for the application’s traffic to come in from the WAN to the 
LAN. 
To configure the ALG screen proceed to 
25.1.1  What You Need to Know About ALG
ALG and NAT
The ZyWALL dynamically creates an implicit NAT session for the application’s traffic from 
the WAN to the LAN.
The ALG on the ZyWALL supports all NAT mapping types, including One to One, Many to 
One, Many to Many Overload and Many One to One.
ALG and the Firewall
The ZyWALL uses the dynamic port that the session uses for data transfer in creating an 
implicit temporary firewall rule for the session’s traffic. The firewall rule only allows the 
session’s traffic to go through in the direction that the ZyWALL determines from its inspection 
of the data payload of the application’s packets. The firewall rule is automatically deleted after 
the application’s traffic has gone through.
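
The payload rewrite and the implicit, direction-limited rule described above, shown for an FTP PORT command. This is an added example, not code from the ZyXEL guide or firmware; the function names, the sample addresses and the check that the embedded address matches the sender are assumptions made here.

```python
import re
from dataclasses import dataclass

# FTP active-mode command: PORT h1,h2,h3,h4,p1,p2 (port = p1*256 + p2)
PORT_RE = re.compile(rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")

@dataclass(frozen=True)
class Pinhole:
    """Implicit, temporary WAN-to-LAN forwarding and firewall rule."""
    peer_ip: str    # only this WAN host (the FTP server) may use the rule
    wan_ip: str
    wan_port: int
    lan_ip: str
    lan_port: int

def alg_outbound(payload, lan_src, server_ip, wan_ip, wan_port):
    """Rewrite a LAN client's PORT command; return (payload, Pinhole or None)."""
    m = PORT_RE.match(payload)
    if not m:
        return payload, None              # other commands pass unchanged
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("malformed PORT argument")
    embedded_ip = ".".join(str(n) for n in nums[:4])
    lan_port = nums[4] * 256 + nums[5]
    # Assumption (hardening, not stated in the guide): only open a rule toward
    # the host that sent the command, and never toward a well-known port.
    if embedded_ip != lan_src or lan_port < 1024:
        raise ValueError("refusing to create rule for %s:%d" % (embedded_ip, lan_port))
    hole = Pinhole(server_ip, wan_ip, wan_port, lan_src, lan_port)
    public = wan_ip.replace(".", ",").encode()
    return b"PORT %s,%d,%d\r\n" % (public, wan_port >> 8, wan_port & 0xFF), hole

def admit_inbound(hole, src_ip, dst_ip, dst_port):
    """Return the LAN (ip, port) to forward to, or None to drop the packet."""
    if (src_ip, dst_ip, dst_port) == (hole.peer_ip, hole.wan_ip, hole.wan_port):
        return hole.lan_ip, hole.lan_port
    return None

if __name__ == "__main__":
    # Constructed sample: RFC 5737 documentation addresses stand in for WAN hosts.
    out, hole = alg_outbound(b"PORT 192,168,1,33,19,137\r\n",
                             "192.168.1.33", "198.51.100.7", "203.0.113.10", 40000)
    print(out, hole)
    print(admit_inbound(hole, "198.51.100.7", "203.0.113.10", 40000))
    print(admit_inbound(hole, "198.51.100.99", "203.0.113.10", 40000))
```
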
ALG and Multiple WAN
When the ZyWALL has two WAN interfaces and uses the second highest priority WAN 
interface as a backup, traffic cannot pass through when the primary WAN connection fails. 
The ZyWALL does not automatically change the connection to the secondary WAN interface.