TMS zl Management and Configuration Guide ST.1.1.100226

4-88
Firewall
Application-Level Gateways (ALGs)
To learn more about each specific ALG, see “ALG Descriptions” on page 4-90.

Table 4-12. Supported ALGs

ALG Name  ALG Description                     Control Ports                 ALG Type                Default Setting
--------  ----------------------------------  ----------------------------  ----------------------  ---------------
ftp       File Transfer Protocol              TCP 21                        firewall, NAT,          Enabled
                                                                            application filtering
ike       Internet Key Exchange               UDP 500*                      firewall                Disabled
ils       Internet Locator Server             TCP 389*                      NAT                     Disabled
ils2      (Microsoft NetMeeting)              TCP 1002
irc       Internet Relay Chat, mIRC           TCP 6667                      firewall, NAT           Disabled
l2tp      Layer 2 Transport Protocol          UDP 1701*                     firewall                Disabled
netbios   NetBIOS                             TCP 139*                      application handling    Disabled
                                              UDP 17137—not a control port,
                                              but this port must be opened
                                              between Netbios clients and
                                              the module (Self zone)
pptp      Point-to-Point Tunneling Protocol   TCP 1723*                     firewall, NAT           Disabled
rtsp      Real-Time Streaming Protocol        TCP 554§                      firewall, NAT           Disabled
                                              TCP 7070§
sql       Oracle SQL *NET                     TCP 1521                      firewall, NAT           Disabled
tftp      Trivial File Transfer Protocol      UDP 69*                       firewall, NAT           Disabled

* port has a preconfigured service object
§ this port is associated with this service by a preconfigured port map

Control Port

An ALG’s control port is important for two reasons:

  You must explicitly configure the firewall to permit the control connection for each application.

  For example, even though the FTP ALG is enabled by default, if you want to allow FTP traffic, you must create access policies that permit traffic destined to TCP port 21. In this case, the TMS zl Module has a preconfigured service for FTP, so you can specify that object rather than specifying the service manually by protocol and port. Ports that are associated with a preconfigured service object are marked with an asterisk (*) in Table 4-12.
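
The rule about control ports (an enabled ALG still needs an access policy that permits its control port) can be checked mechanically against Table 4-12. The following is an added example, not part of the guide or of the TMS zl software: the policy record format, the names `permitted` and `audit`, and the sample rules are hypothetical, rule order is ignored, and the second finding type (a permitted control port whose ALG is disabled) is a check added here.

```python
# Control ports and default ALG state, transcribed from Table 4-12.
# netbios's UDP port is left out: the table says it is not a control port.
TABLE_4_12 = {
    "ftp": ([("tcp", 21)], True),
    "ike": ([("udp", 500)], False),
    "ils/ils2": ([("tcp", 389), ("tcp", 1002)], False),
    "irc": ([("tcp", 6667)], False),
    "l2tp": ([("udp", 1701)], False),
    "netbios": ([("tcp", 139)], False),
    "pptp": ([("tcp", 1723)], False),
    "rtsp": ([("tcp", 554), ("tcp", 7070)], False),
    "sql": ([("tcp", 1521)], False),
    "tftp": ([("udp", 69)], False),
}

def permitted(policies, proto, port):
    """True if any permit rule covers proto/port (rule order is ignored: an assumption)."""
    return any(p["action"] == "permit" and p["proto"] == proto
               and p["low"] <= port <= p["high"] for p in policies)

def audit(policies, enabled=None):
    """Return (alg, 'proto/port', finding) for each ALG-state/policy mismatch.

    `enabled` maps ALG name -> bool and overrides the table's default setting.
    """
    enabled = enabled or {}
    findings = []
    for alg, (ports, default_on) in TABLE_4_12.items():
        on = enabled.get(alg, default_on)
        for proto, port in ports:
            allowed = permitted(policies, proto, port)
            if on and not allowed:
                findings.append((alg, f"{proto}/{port}", "ALG enabled, control port not permitted"))
            elif allowed and not on:
                findings.append((alg, f"{proto}/{port}", "control port permitted, ALG disabled"))
    return findings

# Constructed sample policy set (hypothetical format, not TMS zl syntax).
SAMPLE_POLICIES = [
    {"action": "permit", "proto": "tcp", "low": 80, "high": 80},
    {"action": "permit", "proto": "tcp", "low": 1723, "high": 1723},
    {"action": "deny", "proto": "tcp", "low": 21, "high": 21},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_POLICIES):
        print(*finding, sep="  ")
```

With the sample rules, the default-enabled FTP ALG is reported because nothing permits TCP 21, and PPTP is reported because TCP 1723 is permitted while its ALG is still at the default Disabled setting.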