Algs, Overview, Deploying an alg – Amer Networks E5Web GUI User Manual

6.2. ALGs

6.2.1. Overview

To complement low-level packet filtering, which only inspects packet headers in protocols such
as IP, TCP, UDP, and ICMP, Clavister Security Gateways provide Application Layer Gateways (ALGs)
which provide filtering at the higher application OSI level.

An ALG object acts as a mediator in accessing commonly used Internet applications outside the
protected network, for example web access, file transfer and multimedia transfer. ALGs provide
higher security than packet filtering since they are capable of scrutinizing all traffic for a specific
protocol and perform checks at the higher levels of the TCP/IP stack.

ALGs exist for the following protocols in cOS Core:

•

HTTP

•

FTP

•

TFTP

•

SMTP

•

POP3

•

SIP

•

H.323

•

TLS

Deploying an ALG

Once a new ALG object is defined by the administrator, it is brought into use by first associating
it with a Service object and then associating that service with an IP rule in the cOS Core IP rule set.

Figure 6.1. Deploying an ALG

Chapter 6: Security Mechanisms

384