smallbusiness
Community Manager

Article ID:3326

Enable Application Level Gateway (ALG) on ISA500 Series Integrated Security Appliances

Objective

Some applications, such as Voice over IP (VoIP) and video conferencing, cannot operate through Network Address Translation (NAT), which translates private IP addresses to a public address, because they embed IP addresses and port numbers in the payload of the data packet. When a device behind the security appliance uses an application for which the Application Level Gateway (ALG) service is enabled, the security appliance translates the device's private IP address inside the data stream to a public IP address. It also records the session port numbers and dynamically creates implicit NAT port forwarding so that the application's traffic can come in from the WAN to the LAN. This article explains how to enable the ALG service on the ISA500 Series Integrated Security Appliances.

Applicable Devices

• ISA500 Series Integrated Security Appliance

Software Version

• v1.1.14

Enable Application Level Gateway

Step 1. Log in to the Integrated Security Appliance Configuration Utility and choose Firewall > Application Level Gateway. The Application Level Gateway page opens.

Step 2. In the ALG Settings field, check the check box(es) for the ALG(s) whose sessions should be allowed to pass through the security appliance.

• SIP — The Session Initiation Protocol (SIP) is an application layer control (signaling) protocol that handles the setup, modification, and teardown of voice and multimedia sessions over the Internet. Enable the SIP ALG when voice devices such as UC500, UC300, or SIP phones are connected to the network behind the security appliance.

• H.323 Support — H.323 is a standard teleconferencing protocol suite that provides audio, data, and video conferencing. It allows for real-time point-to-point and multipoint communication between client computers over a packet-based network that does not provide a guaranteed quality of service.

• FTP Support on TCP port — Check the box to enable FTP support, or uncheck the box to disable this feature. Then choose a listening port. The default port is FTP-CONTROL (21).

NOTE: H.323 ALG and SIP ALG can be enabled at the same time, if necessary. Consult the documentation for the VoIP devices or applications that are used behind the security appliance to determine which ALG is necessary.
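The payload rewriting and implicit port forwarding described in the Objective, shown for the FTP case as an added example (not Cisco's code and not how the ISA500 is implemented). The class name, addresses and starting public port are assumptions made for illustration.

```python
import re

# Constructed sample value from a documentation address range, not from the ISA500.
PUBLIC_IP = "203.0.113.10"
# FTP active mode: "PORT h1,h2,h3,h4,p1,p2" where port = p1 * 256 + p2.
PORT_RE = re.compile(rb"^PORT " + rb",".join([rb"(\d{1,3})"] * 6) + rb"\r\n$")


class FtpAlg:
    """Toy model of an FTP ALG on a NAT gateway (hypothetical, illustrative)."""

    def __init__(self, public_ip, first_public_port=50000):
        self.public_ip = public_ip
        self.next_port = first_public_port
        self.forwards = {}  # public port -> (private IP, private port)

    def process(self, src_ip, line):
        """Handle one control-channel line sent by the LAN host src_ip."""
        m = PORT_RE.match(line)
        if not m:
            return line  # not a PORT command: pass through unchanged
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            return line  # malformed fields: do not rewrite, open nothing
        embedded_ip = ".".join(str(n) for n in nums[:4])
        private_port = nums[4] * 256 + nums[5]
        # Design choice of this example: only open a forward toward the
        # host that actually sent the command, never to a third address.
        if embedded_ip != src_ip:
            return line
        public_port = self.next_port
        self.next_port += 1
        # The implicit WAN-to-LAN port forward for the data connection.
        self.forwards[public_port] = (embedded_ip, private_port)
        fields = self.public_ip.split(".") + [
            str(public_port >> 8), str(public_port & 0xFF)]
        return b"PORT " + ",".join(fields).encode() + b"\r\n"


def demo():
    """Run a constructed PORT command from a LAN client through the ALG."""
    alg = FtpAlg(PUBLIC_IP)
    out = alg.process("192.168.75.20", b"PORT 192,168,75,20,195,149\r\n")
    return out, alg.forwards
```

A real ALG also has to adjust TCP sequence numbers when the rewritten line changes length, which this model leaves out.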
