Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Enabling ALGs (NSM Procedure)

    In ScreenOS 6.0, the following modifications were made to prevent high CPU utilization.

    • Some existing Application Layer Gateways (ALGs) are disabled by default on high-end platforms (ISG1000, ISG2000, NetScreen 2000 line, and NetScreen line). The affected ALGs are H.323, SIP, MGCP, SCCP, MSRPC, SunRPC, and SQL. ALGs included in ScreenOS 6.1 are PAT for PPTP, SCTP, and Apple iChat. As of ScreenOS 6.3, the DNS Inhibit AAAA (IPv6) ALG is supported but disabled by default.
    • ALGs included in ScreenOS 6.0 or later are enabled by default. They are FTP, DNS, Real, Rlogin, RSH, TALK, TFTP, and XING.

    For efficient CPU utilization, you can enable or disable the ALGs.

    To enable or disable the ALGs:

    1. In the NSM navigation tree, click Device Manager > Devices.
    2. Select a device or a model device
    3. Click the Edit icon to edit the device. The relevant device dialog box appears.
    4. In the device navigation tree, click Advanced > ALGs.
    5. ALGs are listed depending on the type of device you selected and the OS version. ALGs can be enabled or disabled by checking or clearing their check boxes. See Table 1.

      Table 1: ALGs Default Status

      ALGs

      Status

      H.323, SIP, MGCP, SCCP, MSRPC, SunRPC, SQL, PPTP, and DNS Inhibit AAAA(IPv6).

      Disabled by default on ISG1000, ISG2000, NetScreen–2000 line, and NetScreen–5000 line running ScreenOS 6.0 or later.

      FTP, DNS, Real, Rlogin, RSH, TALK, TFTP, XING, and SCTP

      Enabled by default on a device running ScreenOS 6.0 or later.

    Published: 2013-01-02