Enabling or Disabling ALGs (NSM Procedure)

All ALGs are enabled by default.

To enable or disable ALGs:

  1. In the NSM navigation tree, select Device Manager > Devices.
  2. Click the Device Tree tab, and then double-click the device for which you want to enable or disable ALGs.
  3. Click the Configuration tab. In the configuration tree, select Security > Alg.
  4. Select the check box next to an ALG as specified in Table 225.
  5. Click one:
    • OK—Saves the changes.
    • Cancel—Cancels the modifications.

Table 225: ALG Configuration Options

| Option | Function | Your Action |
|---|---|---|
| Multimedia Application Protocols | | |
| RTSP | Provides an ALG for the Real-Time Streaming Protocol. | Select the Disable check box to disable the RTSP ALG. |
| Basic Internet Protocols | | |
| DNS | Provides an ALG for the Domain Name System. The DNS ALG monitors DNS query and reply packets and closes the session if the DNS flag indicates the packet is a reply message. | Select the Disable check box to disable the DNS ALG. |
| FTP | Provides an ALG for the File Transfer Protocol. The FTP ALG monitors PORT, PASV and 227 commands. It performs NAT of the IP address and port in the message and opens gates on the device as necessary. The FTP ALG supports FTP put and FTP get command blocking. When FTP_NO_PUT or FTP_NO_GET is set in the policy, the FTP ALG sends back a blocking command and closes the associated opened gate when either the FTP STOR or FTP RETR command is observed. | Select the Disable check box to disable the FTP ALG. |
| TFTP | Provides an ALG for the Trivial File Transfer Protocol. The TFTP ALG processes a TFTP packet that initiates the request and opens a gate to allow return packets from the reverse direction to the port that sends the request. | Select the Disable check box to disable the TFTP ALG. |
| TALK | Provides an ALG for the TALK Protocol. The TALK protocol uses UDP port 517 and port 518 for control channel connections. The talk program consists of a server and a client. The server handles client notifications and helps to establish talk sessions. There are two types of talk servers: ntalk and talkd. The TALK ALG processes packets of both ntalk and talkd formats. It also performs NAT and gate opening as necessary. | Select the Disable check box to disable the TALK ALG. |
| RSH | Provides an ALG for the Remote Shell. The RSH ALG handles TCP packets destined for port 514 and processes the RSH port command. The RSH ALG performs NAT on the port in the port command and opens gates as necessary. | Select the Disable check box to disable the RSH ALG. |
| PPTP | Provides an ALG for the Point-to-Point Tunneling Protocol. PPTP is a Layer 2 protocol that tunnels PPP data across TCP/IP networks. The PPTP client is freely available on Windows systems and is widely deployed for building VPNs. | Select the Disable check box to disable the PPTP ALG. |
| Database and Network Support Protocols | | |
| SQL | Provides an ALG for the Structured Query Language. The SQLNET ALG processes an SQL TNS response frame from the server side. It parses the packet, looks for the (HOST=ipaddress), (PORT=port) pattern, and performs NAT and gate opening on the client side for the TCP data channel. | Select the Disable check box to disable the SQL ALG. |
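
The FTP row of Table 225 describes the ALG rewriting the address carried in PORT commands and 227 replies and opening a gate for the data channel. The following Python models that step; it is an added example, not Juniper or NSM code, and the function names, the sender-address check, and the sample addresses are assumptions made for illustration.

```python
import re

# h1,h2,h3,h4,p1,p2 field carried by the PORT command and the 227 (PASV) reply
_HOSTPORT = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")


def parse_endpoint(line):
    """Return (ip, port) from a PORT command or 227 reply, else None."""
    verb = line.split(" ", 1)[0].upper()
    if verb not in ("PORT", "227"):
        return None
    m = _HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def alg_process(line, sender_ip, nat_ip, nat_port):
    """Model one control-channel line passing through the ALG.

    sender_ip is the real address of the host that sent the line;
    nat_ip/nat_port is the translated endpoint the peer will see.
    Returns (rewritten_line, gate); gate is None when nothing is opened.
    """
    endpoint = parse_endpoint(line)
    if endpoint is None:
        return line, None            # not PORT/227: pass through unchanged
    ip, port = endpoint
    if ip != sender_ip:
        # Added check (assumption, not from the page): refuse a third-party address.
        return None, None            # drop the line and open no gate
    new = "%s,%d,%d" % (nat_ip.replace(".", ","), nat_port >> 8, nat_port & 0xFF)
    rewritten = _HOSTPORT.sub(new, line, count=1)
    gate = {"real": (ip, port), "translated": (nat_ip, nat_port)}
    return rewritten, gate


if __name__ == "__main__":
    # Constructed control-channel lines; all addresses are documentation/private ranges.
    print(alg_process("PORT 192,168,1,10,19,137", "192.168.1.10", "203.0.113.7", 40000))
    print(alg_process("227 Entering Passive Mode (10,0,0,5,195,80).", "10.0.0.5", "198.51.100.20", 50000))
    print(alg_process("PORT 10,9,9,9,0,22", "192.168.1.10", "203.0.113.7", 40001))
```

The gate returned here is the only data-channel opening the control line justifies, which is why disabling the FTP ALG on a NAT device generally breaks active-mode transfers unless a static rule replaces it.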
