Application Level Gateways
There are certain applications that NAT and Firewall configurations
cannot manage. In many cases, ALGs (Application Level
Gateways) are needed to translate and transport packets correctly.
An ALG provides a service for a specific application such as FTP
(File Transfer Protocol). Incoming packets are checked against
existing NAT rules or Firewall filters, IP addresses are evaluated
and detailed packet analysis is performed. If necessary, the content
of a packet is modified, and if a secondary port is required, the ALG
will open one. The ALG for each application does not require any
configuration.
ALG support is provided for the following applications. If support is
required for additional applications, security triggers can be
configured for these.
Application                               TCP Port      UDP Port
AIM (AOL Instant Messenger)               5190          N/A
FTP (File Transfer Protocol)              21            N/A
IKE (Internet Key Exchange)               N/A           500
ILS (Internet Locator Service)            389 (+1002)   N/A
MSN (Microsoft Networks)                  1863          N/A
PPTP (Point-to-Point Tunneling Protocol)  1723          N/A
RSVP (Resource Reservation Protocol)      N/A           N/A
L2TP (Layer 2 Tunneling Protocol)         N/A           1701
SIP (Session Initiation Protocol)         5060          5060
Security Trigger
A security trigger can be defined for applications that are not
supported by the ALGs listed above. A security trigger allows the
firewall to dynamically open and close secondary ports associated
with a particular application and to specify the maximum length of
time the port remains open.
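The following is an added illustration, not code from this manual or its vendor, of what an ALG and a security trigger actually do on the wire, using FTP (TCP port 21) as the application. The FTP control channel announces the data connection in-band: an active-mode client sends PORT h1,h2,h3,h4,p1,p2 naming its own (private) address and port, and a passive-mode server answers 227 ... (h1,h2,h3,h4,p1,p2). The ALG parses these lines, rewrites the private address to the public one where needed, and opens a secondary-port pinhole that expires after a configured time, which is the behaviour the security trigger generalises to unsupported applications. The addresses, the 1:1 port mapping, the 30-second timeout and the PinholeTable class are all constructed assumptions for the example.

```python
import re
from dataclasses import dataclass, field

# Constructed NAT mapping for the example: the private client behind the
# firewall and the public address the firewall presents to the Internet.
INSIDE_HOST = "192.168.1.10"
PUBLIC_ADDR = "203.0.113.5"

# FTP active mode: "PORT h1,h2,h3,h4,p1,p2" (port = p1*256 + p2)
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r?\n?$")
# FTP passive mode reply: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)."
PASV_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


@dataclass
class Pinhole:
    proto: str
    addr: str
    port: int
    expires: float  # absolute time after which the hole is closed


@dataclass
class PinholeTable:
    """Dynamically opened secondary ports, each with a maximum open time
    (the security-trigger behaviour). Hypothetical helper for this example."""
    max_open_seconds: float = 30.0
    holes: list = field(default_factory=list)

    def open(self, proto, addr, port, now):
        self.holes.append(Pinhole(proto, addr, port, now + self.max_open_seconds))

    def expire(self, now):
        self.holes = [h for h in self.holes if h.expires > now]

    def allows(self, proto, addr, port, now):
        """Would a connection to (proto, addr, port) be accepted right now?"""
        self.expire(now)
        return any(h.proto == proto and h.addr == addr and h.port == port
                   for h in self.holes)


def _decode(h1, h2, h3, h4, p1, p2):
    return f"{h1}.{h2}.{h3}.{h4}", int(p1) * 256 + int(p2)


def _encode(addr, port):
    return ",".join(addr.split(".") + [str(port // 256), str(port % 256)])


def ftp_alg_outbound(line, table, now):
    """Inspect a control-channel line from the inside client.

    A PORT command names the client's private address, which the server on
    the Internet cannot reach. The ALG rewrites it to the public address
    (assuming a 1:1 port mapping) and opens a pinhole so the server's
    inbound data connection is accepted. A PORT whose address is not the
    client's own is refused (returns None): an ALG only opens holes for the
    host that actually sent the command. Other lines pass unchanged."""
    m = PORT_RE.match(line)
    if not m:
        return line
    addr, port = _decode(*m.groups())
    if addr != INSIDE_HOST:
        return None
    table.open("tcp", PUBLIC_ADDR, port, now)
    return f"PORT {_encode(PUBLIC_ADDR, port)}\r\n"


def ftp_alg_inbound(line, table, now):
    """Inspect a control-channel line from the outside server.

    A 227 reply names the server's data address/port. The client will
    connect outbound to it, so the ALG opens a pinhole for that destination
    (useful when outbound filtering is strict) and leaves the line intact."""
    m = PASV_RE.match(line)
    if not m:
        return line
    addr, port = _decode(*m.groups())
    table.open("tcp", addr, port, now)
    return line


if __name__ == "__main__":
    table = PinholeTable(max_open_seconds=30.0)
    print(ftp_alg_outbound("PORT 192,168,1,10,4,1\r\n", table, now=1000.0).strip())
    print(table.allows("tcp", PUBLIC_ADDR, 1025, now=1000.0))   # True
    print(table.allows("tcp", PUBLIC_ADDR, 1025, now=1031.0))   # False, expired
```

The timeout is the important knob: once the data transfer has started, the pinhole is no longer needed, so a short maximum open time limits the window in which an unrelated party could reach the secondary port. The same table and expiry logic is what a security trigger applies to an application for which no built-in parser exists, except that the trigger opens the secondary port range on seeing traffic to the trigger port rather than by parsing the protocol.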