
Application level gateway configuration, Alg overview – H3C Technologies H3C SecBlade FW Cards User Manual


Application level gateway configuration

ALG overview

The application level gateway (ALG) feature is used to process application layer packets. Usually, Network Address Translation (NAT) translates only IP address and port information in packet headers; it does not analyze fields in application layer payloads. However, the packet payloads of some protocols may contain IP address or port information, which, if not translated, may cause problems. For example, a File Transfer Protocol (FTP) application involves both a data connection and a control connection, and data connection establishment dynamically depends on the payload information of the control connection. ALG can process the payload information to ensure that the data connections can be established.
ALG can work with NAT and Application Specific Packet Filter (ASPF) to implement the following functions:

Address translation
Resolving the source IP address, port, protocol type (TCP or UDP), and remote IP address information in packet payloads.

Data connection detection
Extracting the information required for data connection establishment and establishing data connections for data exchange.

Application layer status checking
Inspecting the status of the application layer protocol in packets. If the status is right, updating the packet state machine and performing further processing; otherwise, dropping packets with incorrect states.
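The FTP case above, worked through as an added example that is not from the H3C manual: a minimal ALG step that parses a PORT command or 227 PASV reply on the control connection, rewrites the embedded private address to the NAT public address and port (address translation), records the data connection to expect (data connection detection), and rejects malformed lines (status checking). The private and public addresses and the public port are constructed values.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# FTP encodes an IPv4 address and 16-bit port as six decimal fields: h1,h2,h3,h4,p1,p2
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


@dataclass
class Pinhole:
    """Data connection endpoint the firewall should expect (detected from the payload)."""
    ip: str
    port: int


def _decode(m: "re.Match") -> Optional[Tuple[str, int]]:
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):        # each field must fit in one byte
        return None
    return ".".join(map(str, fields[:4])), fields[4] * 256 + fields[5]


def _encode(ip: str, port: int) -> str:
    return ",".join(ip.split(".")) + f",{port // 256},{port % 256}"


def alg_rewrite(payload: str, private_ip: str, public_ip: str, public_port: int
                ) -> Tuple[Optional[str], Optional[Pinhole]]:
    """Process one FTP control-channel line.

    Returns (payload_to_forward, pinhole).  payload_to_forward is None when the
    line claims to carry an address but is malformed, i.e. the state check failed
    and the packet should be dropped.  Lines without address information pass
    through unchanged with no pinhole.
    """
    line = payload.rstrip("\r\n")
    if not (line.upper().startswith("PORT ") or line.startswith("227 ")):
        return payload, None
    m = _HOSTPORT.search(line)
    decoded = _decode(m) if m else None
    if decoded is None:
        return None, None                    # malformed PORT/227 line: drop
    ip, port = decoded
    if ip != private_ip:
        # Not the NATed host: forward as-is, but still open the data connection.
        return payload, Pinhole(ip, port)
    rewritten = line[:m.start()] + _encode(public_ip, public_port) + line[m.end():]
    return rewritten + "\r\n", Pinhole(public_ip, public_port)
```

Rewriting the payload changes the TCP segment length, so a real ALG must also adjust sequence and acknowledgement numbers on that connection; that bookkeeping is outside this example.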
Support for these functions depends on the application layer protocol. ALG can be used to process packets of the following protocols:

Domain Name System (DNS)

FTP

H.323, including Registration, Admission, Status (RAS), H.225, and H.245

Hypertext Transfer Protocol (HTTP)

Internet Control Message Protocol (ICMP)

Internet Locator Server (ILS)

MSN/QQ

Network Basic Input/Output System (NBT)

Point-to-Point Tunneling Protocol (PPTP)

Real-Time Streaming Protocol (RTSP)

Session Initiation Protocol (SIP)

SQLNET (the Oracle client/server network protocol)

Trivial File Transfer Protocol (TFTP)