Configuring alg, Alg process – H3C Technologies H3C WX3000E Series Wireless Switches User Manual


Configuring ALG

Application Level Gateway (ALG) processes the payload information of application layer packets to make sure data connections can be established.

Usually, NAT translates only IP address and port information in packet headers and does not analyze fields in application layer payloads. However, the packet payloads of some protocols might contain IP address or port information, which might cause problems if not translated. For example, an FTP application involves both data connection and control connection, and data connection establishment dynamically depends on the payload information of the control connection.

ALG can work with NAT and ASPF to implement the following functions:

• Address translation—Resolves the source IP address, port, protocol type (TCP or UDP), and remote IP address information in packet payloads.

• Data connection detection—Extracts information required for data connection establishment and establishes data connections for data exchange.

• Application layer status checking—Inspects the status of the application layer protocol in packets. Packets with correct states have their status updated and are sent for further processing, whereas packets with incorrect states are dropped.

Support for these functions depends on the application layer protocol.

ALG can process the following protocol packets:

• DNS
• FTP
• ILS
• MSN/QQ
• NBT
• PPTP
• RTSP
• SCCP
• SIP
• SQLNET, a language in Oracle
• TFTP

NOTE:

Support for ALG depends on the device model. For more information, see "About the H3C Access Controllers Web-Based Configuration Guide."

ALG process

The following example describes the FTP operation of an ALG-enabled device.

As shown in Figure 260, the host on the external network accesses the FTP server on the internal network in passive mode through the ALG-enabled device.
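
The passive-mode case above, as an added Python sketch (not H3C code and not taken from this manual): it rewrites the address and port that the internal FTP server places in its 227 reply, records the data connection to expect, and drops replies that fail a status check. The function name, the addresses, the port allocator, and the drop policy are assumptions made for illustration.

```python
import re

# RFC 959 passive-mode reply: "227 <text> (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"^227 [^(]*\((\d{1,3}),(\d{1,3}),(\d{1,3}),"
                     r"(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def rewrite_pasv(line, server_ip, public_ip, alloc_port, expected):
    """Process one control-connection reply sent by the internal FTP server.

    Returns the line to forward to the external host, or None to drop it.
    `expected` maps (public_ip, public_port) -> (internal_ip, internal_port)
    for the data connections the device will let through.
    """
    m = PASV_RE.match(line)
    if m is None:
        return line                      # not a 227 reply: forward unchanged
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None                      # malformed octet: drop
    inner_ip = ".".join(map(str, nums[:4]))
    inner_port = nums[4] * 256 + nums[5]
    # Status check (policy assumed for this sketch): the server may only
    # advertise its own address and a non-privileged port.
    if inner_ip != server_ip or inner_port < 1024:
        return None
    pub_port = alloc_port()              # public port chosen by the NAT
    expected[(public_ip, pub_port)] = (inner_ip, inner_port)
    new = "%s,%d,%d" % (public_ip.replace(".", ","),
                        pub_port >> 8, pub_port & 0xFF)
    return line[:m.start(1)] + new + line[m.end(6):]

if __name__ == "__main__":
    # Constructed sample: internal server 192.168.1.10, public address 203.0.113.5
    pinholes = {}
    reply = "227 Entering Passive Mode (192,168,1,10,195,80).\r\n"
    print(rewrite_pasv(reply, "192.168.1.10", "203.0.113.5",
                       lambda: 40000, pinholes), pinholes)
```

Because the rewritten reply can differ in length from the original, a device doing this on live TCP traffic also has to adjust sequence and acknowledgment numbers for the rest of the control connection.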
