HP VPN Firewall Appliances NAT and ALG Configuration Guide
Configuring ALG at the CLI
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Enable ALG.
  Command: alg { all | dns | ftp | gtp | h323 | ils | msn | nbt | pptp | qq | rtsp | sccp | sip | sqlnet | tftp }
  Remarks: Optional. By default, ALG is enabled only for FTP.
FTP ALG configuration example
Network requirements
As shown in Figure 56, a company uses the private network segment 192.168.1.0/24. The company
wants to provide FTP services using public IP address 5.5.5.10.
Configure NAT and ALG on the firewall so that hosts on the external network can access the FTP server
on the internal network.
Figure 56 Network diagram
Configuration procedure
This section describes ALG configuration only, assuming that other required configurations on the server
and client have been done.
# Enable ALG for FTP.
[Firewall] alg ftp
# Configure the internal FTP server.
[Firewall] interface gigabitethernet 0/1
[Firewall-GigabitEthernet0/1] nat server protocol tcp global 5.5.5.10 ftp inside 192.168.1.2 ftp
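Added example (not from the HP guide, and not the firewall's own code): a Python model of the address translation an FTP ALG applies to a passive-mode reply for the mapping above, plus a check that a reply captured on the external side no longer carries the private address. The function names, the sample reply and its port are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed values: addresses come from the nat server mapping above; the port is made up.
INSIDE = ipaddress.IPv4Address("192.168.1.2")
GLOBAL = ipaddress.IPv4Address("5.5.5.10")
SAMPLE = b"227 Entering Passive Mode (192,168,1,2,195,80)\r\n"

# RFC 959 passive reply: 227 <text> (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(rb"^227 [^(]*\(" + rb",".join([rb"(\d{1,3})"] * 6) + rb"\)")

def parse_pasv(line):
    """Return (IPv4Address, port) from a 227 reply, or None for any other line."""
    m = PASV_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in 227 reply")
    addr = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return addr, nums[4] * 256 + nums[5]

def alg_rewrite(line, inside, global_ip):
    """Model of the ALG step: replace the inside address in the payload.

    Assumption: the data port is left unchanged. A real ALG also has to
    fix TCP sequence numbers and checksums when the payload length changes.
    """
    parsed = parse_pasv(line)
    if parsed is None or parsed[0] != inside:
        return line  # not a 227 reply, or not from the mapped server
    port = parsed[1]
    host = str(global_ip).replace(".", ",").encode()
    return b"227 Entering Passive Mode (%s,%d,%d)\r\n" % (host, port >> 8, port & 0xFF)

def check_reply(line, global_ip):
    """Classify a control-channel line as seen by an external client."""
    parsed = parse_pasv(line)
    if parsed is None:
        return "not-pasv"
    addr = parsed[0]
    if addr == global_ip:
        return "ok"
    return "leaks-private-address" if addr.is_private else "unexpected-address"

if __name__ == "__main__":
    print(check_reply(SAMPLE, GLOBAL))
    print(check_reply(alg_rewrite(SAMPLE, INSIDE, GLOBAL), GLOBAL))
```

A "leaks-private-address" result on an external capture indicates the reply passed through untranslated, in which case the external client would try to open its data connection to 192.168.1.2 and fail.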
SIP/H.323 ALG configuration example
H.323 ALG configuration is similar to SIP ALG configuration. This example discusses SIP ALG
configuration.
Network requirements
As shown in Figure 57, a company uses the private network segment 192.168.1.0/24, and has four public
network addresses: 5.5.5.1, 5.5.5.9, 5.5.5.10, and 5.5.5.11. SIP UA 1 is on the internal network and SIP
UA 2 is on the external network.