
Application Level Gateway Configuration, ALG Overview – H3C Technologies H3C SecPath F1000-E User Manual

Page 464


Application Level Gateway Configuration

ALG Overview

The application level gateway (ALG) feature processes application layer packets.
Network Address Translation (NAT) normally translates only the IP address and port information in packet headers and does not analyze fields in application layer payloads. However, the payloads of some protocols carry IP address or port information which, if left untranslated, causes the application to fail. For example, a File Transfer Protocol (FTP) session involves both a control connection and a data connection, and the data connection is established dynamically according to the address and port carried in the payload of the control connection. ALG parses and translates that payload information so that the corresponding data connections can be established.
Currently, ALG can work with NAT and Application Specific Packet Filter (ASPF) to implement the following functions:

Address translation

Identifying the source IP address, port, protocol type (TCP or UDP), and remote IP address information carried in packet payloads, and translating it consistently with the header translation performed by NAT.

Data connection detection

Extracting the information required for data connection establishment and opening the corresponding data connections for data exchange.

Application layer status checking

Inspecting the status of the application layer protocol in packets. If the status is correct, updating the packet state machine and performing further processing; otherwise, dropping the packets with incorrect states.
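The three functions above, applied to the FTP case used as the motivating example, can be shown in a small simulation. The following is an added illustration written for this page, not code from H3C or from the SecPath product: it models an FTP ALG sitting beside a NAT for a client on a private network. It rewrites the address and port embedded in the client's PORT command to the NAT's public address (address translation), records the data connection that each PORT command or 227 reply announces so a pinhole can be opened (data connection detection), and drops a 227 reply that arrives without a preceding PASV, or a PORT command whose embedded address does not match the packet's real source (application layer status checking). The class name, method names, the private and public addresses (10.0.0.5, 203.0.113.10, 198.51.100.7) and the port allocation scheme are all constructed for the example.

```python
import re

# Wire formats (RFC 959): "PORT h1,h2,h3,h4,p1,p2" and "227 ... (h1,h2,h3,h4,p1,p2)".
PORT_RE = re.compile(rb"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n$")
PASV_REPLY_RE = re.compile(rb"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)\r\n$")


def decode_hostport(groups):
    """Turn the six decimal fields into (ip, port); reject out-of-range octets."""
    vals = [int(g) for g in groups]
    if any(v > 255 for v in vals):
        raise ValueError("octet out of range")
    a, b, c, d, p1, p2 = vals
    return f"{a}.{b}.{c}.{d}", p1 * 256 + p2


def encode_hostport(ip, port):
    """Inverse of decode_hostport, producing the comma-separated wire form."""
    return ",".join(ip.split(".") + [str(port // 256), str(port % 256)]).encode()


class FtpAlg:
    """Constructed model of an FTP ALG working with NAT for one control connection.

    private_ip is the real source address of the client's packets (known from the
    IP header); public_ip is the NAT address the outside world must see.
    """

    def __init__(self, private_ip, public_ip, first_public_port=40000):
        self.private_ip = private_ip
        self.public_ip = public_ip
        self.next_public_port = first_public_port  # constructed allocator: sequential
        self.awaiting_pasv = False                  # application layer state
        self.expected_data = []                     # pinholes: (direction, (ip, port))
        self.nat_table = {}                         # (public_ip, port) -> (private_ip, port)
        self.dropped = []                           # lines dropped by status checking

    def outbound(self, line):
        """Process a control-channel line from the private client to the server.

        Returns the (possibly rewritten) line, or None if the ALG dropped it.
        """
        m = PORT_RE.match(line)
        if m:
            ip, port = decode_hostport(m.groups())
            if ip != self.private_ip:
                # The payload names an address other than the packet's real source:
                # translating it would let the client direct a data connection at a
                # third party, so the ALG refuses it rather than translating.
                self.dropped.append(line)
                return None
            pub_port = self.next_public_port
            self.next_public_port += 1
            # Address translation: record the mapping NAT will apply to the data
            # connection, then rewrite the payload to the public endpoint.
            self.nat_table[(self.public_ip, pub_port)] = (ip, port)
            # Data connection detection: the server will connect to this endpoint.
            self.expected_data.append(("server->client", (self.public_ip, pub_port)))
            return b"PORT " + encode_hostport(self.public_ip, pub_port) + b"\r\n"
        if line.upper().startswith(b"PASV"):
            self.awaiting_pasv = True  # a 227 reply is now legitimate
        return line

    def inbound(self, line):
        """Process a control-channel line from the server to the private client."""
        m = PASV_REPLY_RE.match(line)
        if m:
            if not self.awaiting_pasv:
                # Status checking: 227 is only valid as the answer to PASV.
                self.dropped.append(line)
                return None
            self.awaiting_pasv = False
            ip, port = decode_hostport(m.groups())
            # Data connection detection: the client will connect out to this endpoint;
            # the server's own public address needs no rewriting here.
            self.expected_data.append(("client->server", (ip, port)))
        return line


if __name__ == "__main__":
    alg = FtpAlg("10.0.0.5", "203.0.113.10")
    print(alg.outbound(b"PORT 10,0,0,5,4,1\r\n"))            # rewritten to public endpoint
    print(alg.inbound(b"227 Entering Passive Mode (198,51,100,7,195,88)\r\n"))  # None: no PASV
    print(alg.outbound(b"PASV\r\n"))
    print(alg.inbound(b"227 Entering Passive Mode (198,51,100,7,195,88)\r\n"))
    print(alg.outbound(b"PORT 192,168,1,1,4,1\r\n"))          # None: address mismatch
    print(alg.expected_data, alg.nat_table, alg.dropped, sep="\n")
```

The example deliberately handles active mode only for the client-behind-NAT case; an ALG protecting a server behind NAT would additionally have to rewrite the address in the server's 227 reply, which is the same encode/decode step applied in the other direction.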
Support for these functions depends on the application layer protocol. Currently, ALG can process packets of the following protocols:

Hypertext Transfer Protocol (HTTP)

Internet Control Message Protocol (ICMP)

File Transfer Protocol (FTP)

GPRS Tunneling Protocol (GTP)

Domain Name System (DNS)

Real-Time Streaming Protocol (RTSP)

H.323, including Registration, Admission, Status (RAS), H.225, and H.245

Session Initiation Protocol (SIP)

SQLNET (SQL*Net, Oracle's client/server network protocol)

Point-to-Point Tunneling Protocol (PPTP)

Internet Locator Server (ILS)

NetBIOS over TCP/IP (NBT)

MSN/QQ
