6.2. ALGs
6.2.1. Overview
To complement low-level packet filtering, which only inspects packet headers in protocols such
as IP, TCP, UDP, and ICMP, NetDefend Firewalls provide Application Layer Gateways (ALGs) which
provide filtering at the higher application OSI level.
An ALG object acts as a mediator in accessing commonly used Internet applications outside the
protected network, for example web access, file transfer and multimedia transfer. ALGs provide
higher security than packet filtering since they are capable of scrutinizing all traffic for a specific
protocol and perform checks at the higher levels of the TCP/IP stack.
ALGs exist for the following protocols in NetDefendOS:
• HTTP
• FTP
• TFTP
• SMTP
• POP3
• SIP
• H.323
• TLS
Note: IPv6 based traffic is not supported by some ALGs
Only the HTTP (and LW-HTTP) ALGs have support for IPv6 when used with IP rules or IP
policies that reference IPv6 addresses.
Deploying an ALG
Once a new ALG object is defined by the administrator, it is brought into use by first associating
it with a Service object and then associating that service with an IP rule in the NetDefendOS IP
rule set.
Chapter 6: Security Mechanisms
425
To Next Page
Loading...
