Configuring ALG, ALG overview – H3C Technologies H3C SecPath F1000-E User Manual
Configuring ALG
ALG overview
The application level gateway (ALG) feature is used to process application layer packets.
Usually, Network Address Translation (NAT) translates only IP address and port information in packet
headers and does not analyze fields in application layer payloads. However, the packet payloads of
some protocols may contain IP address or port information, which, if not translated, may cause problems.
For example, a File Transfer Protocol (FTP) application involves both data connection and control
connection, and data connection establishment dynamically depends on the payload information of the
control connection. ALG can process the payload information to make sure that the corresponding data
connections can be established.
ALG can work with NAT and Application Specific Packet Filter (ASPF) to implement the following
functions:
• Address translation: Resolving the source IP address, port, protocol type (TCP or UDP), and remote IP address information in packet payloads.
• Data connection detection: Extracting information required for data connection establishment and establishing data connections for data exchange.
• Application layer status checking: Inspecting the status of the application layer protocol in packets. If the status is right, updating the packet state machine and performing further processing; otherwise, dropping packets with incorrect states.
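The following sketch shows the three functions applied to an active-mode FTP `PORT` command on the control connection. It is an added example, not code from the H3C manual or the device; the function names, the sample addresses, and the policy of requiring the embedded address to match the control connection's source are assumptions.

```python
import ipaddress
import re

# Active-mode FTP command: PORT h1,h2,h3,h4,p1,p2 (RFC 959)
PORT_RE = re.compile(rb"PORT " + rb",".join([rb"(\d{1,3})"] * 6) + rb"\r\n")

def parse_port(line):
    """Return (ip, port) carried in a PORT command, or None if malformed."""
    m = PORT_RE.fullmatch(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]

def alg_rewrite_port(line, client_ip, public_ip, public_port):
    """Hypothetical ALG step for one control-connection line.

    Returns (new_line, expected_data_conn, length_delta), or None to drop.
    """
    parsed = parse_port(line)
    if parsed is None:
        return None  # status check: malformed command is dropped
    ip, port = parsed
    # Assumed policy: payload address must equal the control connection source.
    if ip != ipaddress.IPv4Address(client_ip):
        return None
    # Address translation: replace the private pair with the NAT-mapped pair.
    pub = ipaddress.IPv4Address(public_ip)
    fields = list(pub.packed) + [public_port >> 8, public_port & 0xFF]
    new_line = b"PORT " + ",".join(map(str, fields)).encode() + b"\r\n"
    # Data connection detection: record the pair the server will connect to.
    expected = {"public": (str(pub), public_port), "private": (str(ip), port)}
    # The payload length can change, so TCP sequence numbers need adjusting.
    return new_line, expected, len(new_line) - len(line)

# Constructed sample: client 192.168.1.10 announces data port 19*256+137.
SAMPLE = b"PORT 192,168,1,10,19,137\r\n"

if __name__ == "__main__":
    print(alg_rewrite_port(SAMPLE, "192.168.1.10", "203.0.113.5", 40000))
```
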
Support for the functions depends on the application layer protocol. ALG can be used to process packets
of the following protocols:
• Internet Control Message Protocol (ICMP)
• File Transfer Protocol (FTP)
• Domain Name System (DNS)
• Real Time Streaming Protocol (RTSP)
• H.323, including Registration, Admission, Status (RAS), H.225, and H.245
• Session Initiation Protocol (SIP)
• SQLNET (a language in Oracle)
• Point-to-Point Tunneling Protocol (PPTP)
• Internet Locator Service (ILS)
• Network Basic Input/Output System (NBT)
• MSN/QQ
• Trivial File Transfer Protocol (TFTP)
• Skinny Client Control Protocol (SCCP)