ALG Screen – ZyXEL Communications NBG410W3G User Manual

NBG410W3G Series User’s Guide
CHAPTER 18
ALG Screen
This chapter covers how to use the ZyXEL Device’s ALG feature to allow certain applications
to pass through the ZyXEL Device.
18.1 ALG Introduction
An Application Layer Gateway (ALG) manages a specific protocol (such as SIP, H.323 or
FTP) at the application layer. The ZyXEL Device can function as an ALG to allow certain
NAT un-friendly applications (such as SIP) to operate properly through the ZyXEL Device.
Some applications cannot operate through NAT (are NAT un-friendly) because they embed IP
addresses and port numbers in their packets’ data payload. The ZyXEL Device examines and
uses IP address and port number information embedded in the data stream. When a device
behind the ZyXEL Device uses an application for which the ZyXEL Device has ALG service
enabled, the ZyXEL Device translates the device’s private IP address inside the data stream to
a public IP address. It also records session port numbers and dynamically creates implicit NAT
port forwarding and firewall rules for the application’s traffic to come in from the WAN to the
LAN.
18.1.1 ALG and NAT
The ZyXEL Device dynamically creates an implicit NAT session for the application’s traffic
from the WAN to the LAN.
The ALG on the ZyXEL Device supports all NAT mapping types, including One to One,
Many to One, Many to Many Overload and Many One to One.
18.1.2 ALG and the Firewall
The ZyXEL Device uses the dynamic port that the session uses for data transfer in creating an
implicit temporary firewall rule for the session’s traffic. The firewall rule only allows the
session’s traffic to go through in the direction that the ZyXEL Device determines from its
inspection of the data payload of the application’s packets. The firewall rule is automatically
deleted after the application’s traffic has gone through.
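The behaviour described in sections 18.1 and 18.1.2, modelled for an FTP active-mode PORT command. This is an added example, not ZyXEL firmware code: the class and method names, the sample addresses, the same-port forwarding and the check that the embedded address matches the sender are all assumptions of this sketch.

```python
import re
from dataclasses import dataclass, field

# FTP active-mode command (RFC 959): PORT h1,h2,h3,h4,p1,p2
PORT_RE = re.compile(rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")

@dataclass(frozen=True)
class Pinhole:
    """Implicit temporary WAN-to-LAN rule: one remote peer, one port, one LAN host."""
    remote_ip: str
    port: int
    lan_ip: str

@dataclass
class FtpAlg:
    public_ip: str
    pinholes: set = field(default_factory=set)

    def outbound_control(self, lan_ip, server_ip, payload):
        """Inspect a LAN-to-WAN control line; rewrite PORT and record the session port."""
        m = PORT_RE.match(payload)
        nums = [int(g) for g in m.groups()] if m else []
        if not m or any(n > 255 for n in nums):
            return payload  # not a well-formed PORT command: no rewrite, no rule
        embedded_ip = ".".join(map(str, nums[:4]))
        port = nums[4] * 256 + nums[5]
        # Assumption of this sketch (not stated in the manual): only translate an
        # embedded address that is the sender's own, so no rule targets another host.
        if embedded_ip != lan_ip:
            return payload
        self.pinholes.add(Pinhole(server_ip, port, lan_ip))
        pub = self.public_ip.replace(".", ",").encode()
        return b"PORT %s,%d,%d\r\n" % (pub, nums[4], nums[5])

    def inbound_data(self, remote_ip, dst_port):
        """Return (lan_ip, port) for an allowed WAN-to-LAN connection, else None (drop)."""
        for p in list(self.pinholes):
            if p.remote_ip == remote_ip and p.port == dst_port:
                self.pinholes.discard(p)  # rule is deleted once the traffic has passed
                return (p.lan_ip, p.port)
        return None

if __name__ == "__main__":
    alg = FtpAlg("203.0.113.10")  # constructed sample addresses (documentation ranges)
    print(alg.outbound_control("192.168.1.33", "198.51.100.7", b"PORT 192,168,1,33,195,80\r\n"))
    print(alg.inbound_data("192.0.2.99", 50000))    # other WAN host: None
    print(alg.inbound_data("198.51.100.7", 50000))  # the FTP server: forwarded
    print(alg.inbound_data("198.51.100.7", 50000))  # rule already removed: None
```

When reviewing a device with ALG enabled, the points to confirm are the ones the model makes explicit: the implicit rule is tied to the peer and port learned from the payload, and it does not outlive the session.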