User's manual

45
5-3. Advanced - ALG Service
In the context of computer networking, an ALG or application layer gateway consists of a security component that
augments a firewall or NAT employed in a computer network. It allows customized NAT traversal filters to be
plugged into the gateway to support address and port translation for certain application layer "control/data"
protocols such as FTP, BitTorrent, SIP, RTSP, file transfer applications etc.
In order for these protocols to work through NAT or a firewall, either the application has to know about an
address/port number combination that allows incoming packets, or the NAT has to monitor the control traffic and
open up port mappings (firewall pinhole) dynamically as required. Legitimate application data can thus be passed
through the security checks of the firewall or NAT that would have otherwise restricted the traffic for not meeting
its limited filter criteria.
An ALG usually allows client applications to use dynamic ephemeral TCP/UDP ports to communicate with the known
ports used by the server applications, even though the firewall configuration may allow only a limited number of
known ports. In the absence of an ALG, either the ports would get blocked or the network administrator would
need to explicitly open up a large number of ports in the firewall, rendering the network vulnerable to attacks on
those ports.
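As an added illustration (not part of this manual or the router's firmware), the following Python sketch shows the control-channel inspection an FTP ALG performs: it parses the PORT and PASV exchanges to learn the dynamic data-channel endpoint it must pinhole, and rewrites the private address in a client's PORT command to the NAT's public endpoint. The control lines, addresses and port numbers are constructed sample values.

```python
import re
from dataclasses import dataclass

# Constructed sample of FTP control-channel lines, as seen by an ALG inspecting
# the client <-> server control connection (sample data, not captured traffic).
SAMPLE_CONTROL_LINES = [
    "220 Service ready",
    "PORT 10,0,0,5,4,1",                               # active: client listens on 10.0.0.5:1025
    "200 PORT command successful",
    "227 Entering Passive Mode (203,0,113,8,195,80)",  # passive: server listens on 203.0.113.8:50000
]

PORT_RE = re.compile(r"^PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$")
PASV_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


@dataclass(frozen=True)
class Pinhole:
    direction: str  # "inbound" = server -> client data, "outbound" = client -> server data
    host: str
    port: int


def _decode(fields):
    """Turn the six FTP fields (h1,h2,h3,h4,p1,p2) into (host, port), validating ranges."""
    octets = [int(f) for f in fields[:4]]
    port = int(fields[4]) * 256 + int(fields[5])
    if any(o > 255 for o in octets) or not 1 <= port <= 65535:
        raise ValueError("malformed FTP address: " + ",".join(fields))
    return ".".join(map(str, octets)), port


def extract_pinholes(lines):
    """Return the dynamic data-channel mappings an FTP ALG would open for these control lines."""
    pinholes = []
    for line in lines:
        if m := PORT_RE.match(line):           # client announces where it listens
            pinholes.append(Pinhole("inbound", *_decode(m.groups())))
        elif m := PASV_RE.match(line):         # server announces where it listens
            pinholes.append(Pinhole("outbound", *_decode(m.groups())))
    return pinholes


def rewrite_port_command(line, public_host, public_port):
    """Rewrite the private address in a client's PORT command to the NAT's public endpoint."""
    if not PORT_RE.match(line):
        raise ValueError("not a PORT command")
    fields = public_host.split(".") + [str(public_port // 256), str(public_port % 256)]
    return "PORT " + ",".join(fields)
```

Only the endpoints announced on the control channel are opened, which is why the ALG can admit the data connection without the administrator pre-opening a whole port range.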
In the default ALG settings, the following protocols are enabled:
FTP
TFTP
PPTP
IPSec
L2TP
It is recommended to keep the settings unchanged.