TMS zl Management and Configuration Guide ST.1.0.090213

Firewall
Application-Level Gateways
Acting as a proxy server between a trusted client and an untrusted host, an
ALG filters packets at Layer 5. Some applications open data-transfer
connections dynamically by negotiating IP addresses and service ports, which
requires special handling by the firewall. Some ALGs also perform NAT inside
the packet types that they support.
You cannot enable or disable the ALGs from the Web browser interface: you
must use the CLI. The commands are as follows:
Display ALG settings:
Enable or disable ALGs:
The TMS zl Module supports the following ALGs, which are enabled by default
except as noted. Ports marked with an asterisk (*) have a preconfigured
service object on the TMS zl Module, and a section mark (§) means that a port
map is configured for that service.
Note: Even though the TMS zl Module supports these ALGs, you must explicitly
configure the firewall to permit the control connection for each application.
Consult Table 4-6, the IANA well-known ports, or vendor documentation to
see which ports are used by each application.
If you are using a port other than the well-known port for control connections,
you may need to configure a port map for that application; otherwise, the ALG
will not function.
Syntax: show alg
Displays all of your ALG settings.
Syntax: [no] alg <CLI name>
Enables the ALG. The no form of the command disables it.
Replace <CLI name> with the CLI name of the ALG, as listed in the
CLI Name column of Table 4-6, below.