2 application level gateways, 3 port forwarding – Ericsson WCDMA/HSDPA User Manual

Configuration and Management

2.8.2

Application Level Gateways

From a security perspective, certain Internet applications, for example FTP
applications that open additional ports upon transfer, are especially
problematic to handle. An Application Level Gateway (ALG) provides a
translation and transportation service for such a specific application.
Incoming data packets are checked against existing NAT and packet
filtering rules, IP addresses are evaluated and a detailed packet analysis is
performed. If necessary, the contents of a packet are modified and if a
secondary port is required, the ALG will open one. The Ericsson W20
includes ALG support for the following applications:

Application Protocol

Port
number

File Transfer Protocol (FTP)

TCP

21

Trivial File Transfer Protocol (TFTP)

UDP

69

The ALG for each application does not require additional configuration. The
supported ALGs can be enabled and disabled individually. To disable an
ALG, clear the corresponding check box on the NAT page and click

Apply

.

2.8.3 Port

Forwarding

Port forwarding is used to allow incoming access to a specific local network
device, for example an internal web server.

Note: Port forwarding requires a public IP address of the Ericsson W20.

The Ericsson W20 IP address is displayed on the Internet page. If
the IP address begins with 10, 172, or 192, it is probably private.
In this case, no incoming access from the Internet is allowed. For
more information on public and private IP addresses, contact your
service provider.

Adding an Instance

To add a new port forwarding instance, click Add instance in the Port
Forwarding section on the NAT page. The Add Port Forwarding page is
displayed:

32

1/1551-CRH 102 167 PA15 2006-08-16