Owner's manual
Application Level Gateways
There are certain applications that NAT and Firewall
configurations cannot manage. In many cases, ALGs
(Application Level Gateways) are needed to translate and
transport packets correctly. An ALG provides a service for a
specific application such as FTP (File Transfer Protocol).
Incoming packets are checked against existing NAT rules or
Firewall filters, IP addresses are evaluated and detailed packet
analysis is performed. If necessary, the content of a packet is
modified, and if a secondary port is required, the ALG will open
one. The ALG for each application does not require any
configuration.
ALG support is provided for the following applications. If support
is required for additional applications, security triggers can be
configured for these.

Application                               TCP Port        UDP Port
AIM (AOL Instant Messenger)               5190            N/A
FTP (File Transfer Protocol)              21              N/A
IKE (Internet Key Exchange)               N/A             500
ILS (Internet Locator Service)            389 (+1002)     N/A
MSN (Microsoft Networks)                  1863            N/A
PPTP (Point-to-Point Tunneling Protocol)  1723            N/A
RSVP (Resource Reservation Protocol)      N/A             N/A
L2TP (Layer 2 Tunneling Protocol)         N/A             1701
SIP (Session Initiation Protocol)         5060            5060

Security Trigger
A security trigger can be defined for applications that are not
supported by the ALGs listed above. A security trigger allows
the firewall to dynamically open and close secondary ports
associated with a particular application and to specify the
maximum length of time the port remains open.
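
The following added example (not taken from the manual or the device firmware) models what the Application Level Gateways section describes for FTP, together with the time-limited secondary port described under Security Trigger: the content of an FTP PORT command is rewritten and a secondary port is opened for a limited time. The class name, addresses, port range, 60-second lifetime and the source-address check are assumptions made for illustration.

```python
import re

PINHOLE_TTL = 60  # assumed maximum seconds a secondary port stays open
PORT_RE = re.compile(rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$", re.I)


class FtpAlg:
    """Toy model of an FTP ALG on a NAT gateway (hypothetical, for illustration)."""

    def __init__(self, public_ip, first_port=50000, ttl=PINHOLE_TTL):
        self.public_ip = public_ip
        self.next_port = first_port
        self.ttl = ttl
        self.pinholes = {}  # public port -> (private ip, private port, expiry)

    def outbound_control(self, src_ip, payload, now):
        """Inspect one client-to-server line on TCP 21; return bytes to forward, or None to drop."""
        m = PORT_RE.match(payload)
        if not m:
            return payload  # not a PORT command: forward unchanged
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            return None  # malformed address or port byte
        ip = ".".join(map(str, nums[:4]))
        port = nums[4] * 256 + nums[5]
        # Only open a port back to the host that owns the control connection,
        # and never towards a privileged port on that host.
        if ip != src_ip or port < 1024:
            return None
        pub_port = self.next_port
        self.next_port += 1
        self.pinholes[pub_port] = (ip, port, now + self.ttl)
        # Rewrite the packet content: private address and port become public ones.
        h = self.public_ip.replace(".", ",")
        return f"PORT {h},{pub_port >> 8},{pub_port & 0xFF}\r\n".encode()

    def inbound_data(self, dst_port, now):
        """Return (private ip, port) for an inbound data connection, or None if closed."""
        entry = self.pinholes.pop(dst_port, None)  # each opening is single use
        if entry is None or now > entry[2]:
            return None
        return entry[:2]


# Constructed sample traffic using documentation and private address ranges.
alg = FtpAlg("203.0.113.10")
rewritten = alg.outbound_control("192.168.1.20", b"PORT 192,168,1,20,19,137\r\n", now=1000)
```

A PORT command naming any address other than the control connection's own source is dropped, so the gateway never opens a secondary port towards a third host.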