TMS zl Management and Configuration Guide ST.1.1.100226

Firewall
Application-Level Gateways (ALGs)
Note: If you are having trouble with this application, make sure that you have
permitted the DNS service (UDP 53) for endpoints that use ILS.
irc
Internet Relay Chat (IRC) is a chat system that enables people who are
connected from anywhere on the Internet to join in live discussions. The IRC
ALG:
• interprets the following command formats in the payloads that pass
  through the control connection:
    - DCC CHAT chat XYZA BC (where XYZA = IP address and BC = port number)
    - DCC SCHAT chat XYZA BC
    - DCC SEND F XYZA BC S (where F = filename and S = size)
    - DCC MOVE F XYZA BC S
    - DCC TSEND F XYZA BC S
• extracts the IP address and port information from the control-connection
  payloads and opens data associations to allow the data transfer between
  the IRC clients.
• translates the IP address and port information according to NAT policies.
Note: If you are having trouble with this application, make sure that you have
permitted the DNS service (UDP 53) for endpoints that use IRC.
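
The three IRC ALG steps above (interpret, extract and open an association, translate), as an added Python sketch that is not code from the TMS zl or from this guide. It assumes the usual DCC convention of a decimal 32-bit IPv4 address, filenames without spaces, and a static NAT that keeps the port; process, nat_map and associations are hypothetical names, and the sender-address and port-range check is an added assumption, not documented TMS zl behaviour.

```python
import ipaddress

CHAT_VERBS = {"CHAT", "SCHAT"}            # DCC <verb> chat <addr> <port>
XFER_VERBS = {"SEND", "MOVE", "TSEND"}    # DCC <verb> <file> <addr> <port> <size>

def process(line, src_ip, nat_map, associations):
    """Rewrite one control-connection line and record the data association it needs.

    nat_map maps inside IP -> translated IP (assumed static NAT, port unchanged).
    associations collects (translated_ip, port, inside_ip, port) tuples.
    """
    start, end = line.find("\x01DCC "), line.rfind("\x01")
    if start < 0 or end <= start:
        return line                        # no CTCP DCC payload: pass through
    tok = line[start + 1:end].split(" ")
    want = 5 if tok[1] in CHAT_VERBS else 6 if tok[1] in XFER_VERBS else 0
    if len(tok) != want or (want == 5 and tok[2] != "chat") \
            or not all(t.isascii() and t.isdigit() for t in tok[3:5]):
        return line                        # unknown or malformed offer: no association
    try:
        inside = str(ipaddress.IPv4Address(int(tok[3])))  # decimal 32-bit address
        port = int(tok[4])
    except ValueError:                     # address does not fit in 32 bits
        return line
    # Added safety check (an assumption, not stated in the guide): only open an
    # association toward the host that sent the offer, on an unprivileged port.
    if inside != src_ip or not 1024 <= port <= 65535:
        return line
    public = nat_map.get(inside, inside)
    associations.append((public, port, inside, port))
    tok[3] = str(int(ipaddress.IPv4Address(public)))      # translate the payload
    return line[:start + 1] + " ".join(tok) + line[end:]

if __name__ == "__main__":
    # Constructed sample lines; addresses are private/documentation ranges.
    nat = {"192.168.1.10": "203.0.113.5"}
    opened = []
    for raw in (":alice!a@h PRIVMSG bob :\x01DCC SEND notes.txt 3232235786 5000 1024\x01",
                ":alice!a@h PRIVMSG bob :\x01DCC CHAT chat 3232235787 5001\x01"):
        print(repr(process(raw, "192.168.1.10", nat, opened)))
    print(opened)
```

The second sample line advertises an address other than the sender's, so it passes through untranslated and no association is recorded for it.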
l2tp
The Layer 2 Tunneling Protocol (L2TP) ALG is required to cover the following
two scenarios:
1. The Windows 200x L2TP Network Server (LNS) deviates from the L2TP
implementation by always sending L2TP data packets to UDP 1701 rather
than to the port number from which the client initiated the connection. If
NAT is employed, the firewall drops the data packets, because they are
expected to come on the NAT port that replaced the original source port
of the connection rather than on the original source port.
2. Tunnel recipients pick up arbitrary ports during tunnel establishment
rather than UDP 1701.