LAN-Cell 2 User’s Guide
CHAPTER 19
ALG Screens
19.1 Overview
This chapter covers how to use the LAN-Cell’s ALG feature to allow certain applications to
pass through the LAN-Cell.
An Application Layer Gateway (ALG) manages a specific protocol (such as SIP, H.323 or
FTP) at the application layer. The LAN-Cell can function as an ALG to allow certain
NAT un-friendly applications (such as SIP) to operate properly through the LAN-Cell.
Some applications cannot operate through NAT (are NAT un-friendly) because they embed IP
addresses and port numbers in their packets’ data payload. The LAN-Cell examines and uses
the IP address and port number information embedded in the data stream. When a device behind
the LAN-Cell uses an application for which the LAN-Cell has ALG service enabled, the
LAN-Cell translates the device’s private IP address inside the data stream to a public IP
address. It also records session port numbers and dynamically creates implicit NAT port
forwarding and firewall rules so that the application’s traffic can come in from the WAN to
the LAN.
To configure the ALG screen, proceed to Section 19.2 on page 369.
19.1.1 What You Need to Know About ALG
ALG and NAT
The LAN-Cell dynamically creates an implicit NAT session for the application’s traffic from
the WAN to the LAN.
The ALG on the LAN-Cell supports all NAT mapping types, including One to One, Many to
One, Many to Many Overload and Many One to One.
ALG and the Firewall
The LAN-Cell uses the dynamic port that the session uses for data transfer in creating an
implicit temporary firewall rule for the session’s traffic. The firewall rule only allows the
session’s traffic to go through in the direction that the LAN-Cell determines from its
inspection of the data payload of the application’s packets. The firewall rule is automatically
deleted after the application’s traffic has gone through.
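The following added example (not LAN-Cell code) sketches the behaviour described in the Overview and in "ALG and the Firewall" for one protocol, FTP active mode: the PORT command's embedded private address is translated and a one-direction, temporary WAN-to-LAN rule is recorded. The class names, the addresses, the refusal of payloads that name a host other than the sender or a port below 1024, and deletion of the rule on first match are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# FTP active-mode command (RFC 959): PORT h1,h2,h3,h4,p1,p2
PORT_RE = re.compile(rb"^PORT (\d{1,3}(?:,\d{1,3}){5})\r\n$")

@dataclass(frozen=True)
class Pinhole:
    """Implicit, temporary forwarding/firewall rule for one data session."""
    public_port: int
    lan_ip: str
    lan_port: int
    direction: str = "WAN->LAN"  # the only direction the rule admits

class FtpAlg:  # hypothetical name, not a LAN-Cell component
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.pinholes = {}  # public port -> Pinhole

    def outbound(self, src_ip, payload):
        """Inspect one LAN->WAN control-channel line; rewrite PORT if present."""
        m = PORT_RE.match(payload)
        if not m:
            return payload  # not a PORT command: pass through untouched
        nums = [int(x) for x in m.group(1).split(b",")]
        if any(n > 255 for n in nums):
            return payload  # malformed octet: no rewrite, no rule
        lan_ip = ".".join(map(str, nums[:4]))
        port = nums[4] * 256 + nums[5]
        # Assumed checks: open a rule only towards the sending host itself,
        # and never towards a well-known port.
        if lan_ip != src_ip or port < 1024:
            return payload
        self.pinholes[port] = Pinhole(port, lan_ip, port)
        pub = self.public_ip.replace(".", ",")
        return f"PORT {pub},{port >> 8},{port & 0xFF}\r\n".encode()

    def inbound(self, dst_port):
        """Match a WAN->LAN connection; simplified: rule is deleted on first use."""
        return self.pinholes.pop(dst_port, None)

if __name__ == "__main__":
    # Constructed sample: documentation-range public IP, private LAN client.
    alg = FtpAlg("203.0.113.10")
    print(alg.outbound("192.168.1.50", b"PORT 192,168,1,50,195,80\r\n"))
    print(alg.inbound(50000))  # rule matches once
    print(alg.inbound(50000))  # then it is gone
```

When auditing an ALG, the state worth inspecting is the equivalent of `pinholes`: which inbound ports are open, towards which LAN host, and how long they persist.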