Ip firewall alg [ftp | h323 | pptp – ADTRAN 1000R Series User Manual

Command Reference Guide

Global Configuration Mode Command Set

61200510L1-35E

Copyright © 2005 ADTRAN

419

ip firewall alg [ftp | h323 | pptp]

Use the ip firewall alg command to enable the application-level gateway (ALG) for a particular
application. Use the no form of this command to disable ALG for the application.

Syntax Description

ftp

Enables the FTP ALG.

h323

Enables the H323 ALG.

pptp

Enables the PPTP ALG.

Default Values

By default, the ALG for FTP, H323, and PPTP are enabled.

Applicable Platforms

This command applies to the NetVanta 300, 1000R, 3000, 4000, and 5000 and Total Access 900 Series
units.

Command History

Release 8.1

Command was introduced.

Release 10.1

H323 was added.

Functional Notes

Enabling the Application Layer Gateway (ALG) for a specific protocol gives the firewall additional
information about that complex protocol and causes the firewall to perform additional processing for
packets of that protocol. When the ALG is disabled, the firewall treats the complex protocol as any other
simple protocol. The firewall needs no special knowledge to work well with simple protocols.

Usage Examples

The following example disables ALG for FTP:

(config)#no ip firewall alg ftp

Disabling the IP firewall ALG may cause the firewall to block some of the traffic for
the specified protocol.