Chapter 19 ALG

 

Table 96 Configuration > Network > ALG (continued)

| LABEL | DESCRIPTION |
|---|---|
| Enable FTP ALG | Turn on the FTP ALG to detect FTP (File Transfer Program) traffic and help build FTP sessions through the ZyWALL’s NAT. Enabling the FTP ALG also allows you to use the application patrol to detect FTP traffic and manage the FTP traffic’s bandwidth (see Chapter 28 on page 437). |
| Enable FTP Transformations | Select this option to have the ZyWALL modify IP addresses and port numbers embedded in the FTP data payload to match the ZyWALL’s NAT environment. Clear this option if you have an FTP device or server that will modify IP addresses and port numbers embedded in the FTP data payload to match the ZyWALL’s NAT environment. |
| FTP Signaling Port | If you are using a custom TCP port number (not 21) for FTP traffic, enter it here. |
| Additional FTP Signaling Port for Transformations | If you are also using FTP on an additional TCP port number, enter it here. |
| Apply | Click Apply to save your changes back to the ZyWALL. |
| Reset | Click Reset to return the screen to its last-saved settings. |

19.3 ALG Technical Reference

Here is more detailed information about the Application Layer Gateway.

ALG

Some applications cannot operate through NAT (are NAT un-friendly) because they embed IP addresses and port numbers in their packets’ data payload. The ZyWALL examines and uses IP address and port number information embedded in the VoIP traffic’s data stream. When a device behind the ZyWALL uses an application for which the ZyWALL has VoIP pass through enabled, the ZyWALL translates the device’s private IP address inside the data stream to a public IP address. It also records session port numbers and allows the related sessions to go through the firewall so the application’s traffic can come in from the WAN to the LAN.
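The translation described above, applied to an active-mode FTP PORT command, as an added example that is not ZyXEL's code. The class name, the public address 203.0.113.10 and the port pool starting at 50000 are assumptions made for illustration.

```python
import re

# "h1,h2,h3,h4,p1,p2" host-port argument of the FTP PORT command (RFC 959)
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_hostport(line):
    """Return (ip, port) embedded in an FTP control line, or None."""
    m = _HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def format_hostport(ip, port):
    """Encode ip and port back into the comma-separated FTP form."""
    return ",".join(ip.split(".") + [str(port >> 8), str(port & 0xFF)])


class FtpAlg:
    """Hypothetical model of an FTP ALG on a NAT gateway (not vendor code)."""

    def __init__(self, public_ip, first_port=50000):
        self.public_ip = public_ip      # assumed WAN address of the gateway
        self.next_port = first_port     # assumed pool of public data ports
        self.expected = {}              # public port -> (private ip, port)

    def translate_port(self, line, client_ip):
        """Rewrite a LAN client's PORT command and record the data session."""
        hp = parse_hostport(line) if line.upper().startswith("PORT ") else None
        if hp is None:
            return line                 # anything else passes through unchanged
        ip, port = hp
        if ip != client_ip:
            # Embedded address must be the control connection's own source.
            raise ValueError("PORT address does not match client")
        public_port, self.next_port = self.next_port, self.next_port + 1
        self.expected[public_port] = (ip, port)   # related session to allow in
        return "PORT " + format_hostport(self.public_ip, public_port) + "\r\n"


# Constructed sample: 192.168.1.33 is the LAN client, 203.0.113.10 the WAN side.
alg = FtpAlg("203.0.113.10")
SAMPLE_OUT = alg.translate_port("PORT 192,168,1,33,19,137\r\n", "192.168.1.33")
```

The `expected` table is what lets the firewall admit only the data connection that the control channel announced, rather than opening a port range.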

ALG and Trunks

If you send your ALG-managed traffic through an interface trunk and all of the interfaces are set to active, you can configure routing policies to specify which interface the ALG-managed traffic uses.

You could also have a trunk with one interface set to active and a second interface set to passive. The ZyWALL does not automatically change ALG-managed

 


ZyWALL USG 50 User’s Guide