ĭeep packet inspection of all the packets handled by ALGs over a given network makes this functionality possible. An ALG can prevent the control connection getting timed out by network devices before the lengthy file transfer completes. During large file transfers, the control connection may remain idle.
For example, an FTP application may use separate connections for passing control commands and for exchanging data between the client and a remote server.
synchronizing between multiple streams/sessions of data between two hosts exchanging data. recognizing application-specific commands and offering granular security controls over them. This aspect introduces the term 'gateway' for an ALG. converting the network layer address information found inside an application payload between the addresses acceptable by the hosts on either side of the firewall/NAT. In the absence of an ALG, either the ports would get blocked or the network administrator would need to explicitly open up a large number of ports in the firewall - rendering the network vulnerable to attacks on those ports. allowing client applications to use dynamic ephemeral TCP/UDP ports to communicate with the known ports used by the server applications, even though a firewall configuration may allow only a limited number of known ports. Legitimate application data can thus be passed through the security checks of the firewall or NAT that would have otherwise restricted the traffic for not meeting its limited filter criteria.Īn ALG may offer the following functions: In order for these protocols to work through NAT or a firewall, either the application has to know about an address/port number combination that allows incoming packets, or the NAT has to monitor the control traffic and open up port mappings ( firewall pinholes) dynamically as required. 
It allows customized NAT traversal filters to be plugged into the gateway to support address and port translation for certain application layer "control/data" protocols such as FTP, BitTorrent, SIP, RTSP, file transfer in IM applications. Security component that augments a firewall or NAT employed in a computer networkĪn application-level gateway ( ALG, also known as application layer gateway, application gateway, application proxy, or application-level proxy) is a security component that augments a firewall or NAT employed in a computer network.
0 kommentar(er)
