Typical Rule Based ALG and DNAT Example Using OmniAccess 5740 USG
Alcatel-Lucent
OmniAccess 5740 Unified Services Gateway CLI Configuration Guide
When multiple internal FTP servers sit inside the DMZ and there are not enough
public IP addresses to give each one its own, the servers should run on different
ports so that they can be reached from outside using DNAT. As a standard
service, however, the FTP ALG is registered only on port 21, so outsiders will
not be able to access the internal servers. To allow outside access to the
internal FTP servers, the FTP ALG should be registered on the ports where each
FTP server listens for a control connection.
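The problem described above, as an added illustration that is not part of the Alcatel-Lucent guide and is not OmniAccess code: a simplified Python model of a NAT gateway whose FTP ALG only inspects control connections on its registered ports. It goes slightly beyond the text by assuming passive-mode FTP (the `227` reply); the `Gateway` class, addresses and ports are constructed for the example.

```python
import re

# Constructed sample values: one public IP, two DMZ FTP servers on ports 2121/2122.
PUBLIC_IP = "203.0.113.10"
DNAT = {2121: "10.0.0.11", 2122: "10.0.0.12"}  # public port -> internal server
PASV_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


class Gateway:
    """Toy NAT gateway: DNAT table plus the set of ports the FTP ALG inspects."""

    def __init__(self, alg_ports):
        self.alg_ports = set(alg_ports)
        self.pinholes = {}  # data port -> internal server, opened by the ALG

    def server_reply(self, public_port, line):
        """Handle one control-channel reply going from the DMZ server to the client."""
        server = DNAT[public_port]
        m = PASV_RE.match(line)
        if public_port not in self.alg_ports or not m:
            return line  # ALG not invoked: payload leaves with the private address
        p1, p2 = m.group(5), m.group(6)
        self.pinholes[int(p1) * 256 + int(p2)] = server  # allow the data connection
        host = PUBLIC_IP.replace(".", ",")
        return f"227 Entering Passive Mode ({host},{p1},{p2})"

    def data_reachable(self, reply):
        """Would an outside client reach the data endpoint named in this reply?"""
        m = PASV_RE.match(reply)
        ip = ".".join(m.group(1, 2, 3, 4))
        port = int(m.group(5)) * 256 + int(m.group(6))
        return ip == PUBLIC_IP and port in self.pinholes


def demo():
    reply = "227 Entering Passive Mode (10,0,0,11,195,80)"  # constructed server reply
    port21_only = Gateway(alg_ports=[21])             # standard registration
    rule_based = Gateway(alg_ports=[21, 2121, 2122])  # ALG mapped to the extra ports
    return (port21_only.data_reachable(port21_only.server_reply(2121, reply)),
            rule_based.data_reachable(rule_based.server_reply(2121, reply)))


if __name__ == "__main__":
    print(demo())
```

With the ALG registered only on port 21, the reply on port 2121 leaves the gateway still carrying the private address and no data pinhole is opened, so the outside client cannot open a data connection.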
The following example illustrates how rule-based ALG solves this problem by
mapping the non-standard ports to the standard service so that the FTP ALG can
be invoked on these non-standard ports.
Figure 25: ALG Configuration Scenario