TMS zl Management and Configuration Guide ST.1.2.100916

Application-Level Gateways (ALGs)
The TMS zl Module supports ALGs for several common applications that can
experience difficulties when they run through a firewall. These ALGs help the
applications to run smoothly through the TMS zl Module firewall without
compromising security. For example, some applications open data-transfer
connections dynamically by negotiating IP addresses and service ports. With an
ALG, such an application works through the firewall with only a single control
port opened. ALGs also provide other special handling for applications, which
you can read about in the sections that follow. Refer to these sections
according to your interests:
- For background information on ALGs, see “ALG Concepts” on page 4-88.
- To learn more about the specific TMS zl Module ALGs, see “ALG Descriptions” on page 4-91.
- To learn how to enable and disable ALGs, see “Enable and Disable Optional Attack Checks” on page 4-111.
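
To illustrate the dynamic negotiation described above, the following added example (not code from the TMS zl Module or its documentation) shows how an FTP ALG can read the negotiated data endpoint from the control channel and derive one temporary rule for it. The function names, the refusal of ports below 1024 and the addresses are assumptions made for this illustration.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 tuple carried by PORT and by the 227 (PASV) reply, RFC 959.
_TUPLE = re.compile(r"\b" + ",".join([r"(\d{1,3})"] * 6) + r"\b")


def parse_endpoint(line):
    """Return (ip, port) negotiated in a PORT command or 227 reply, else None."""
    verb = line.strip().split(" ", 1)[0].upper()
    if verb not in ("PORT", "227"):
        return None
    m = _TUPLE.search(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def pinhole_for(line, client_ip, server_ip):
    """Return the temporary data-connection rule one control line justifies.

    client_ip and server_ip are the endpoints of the control connection.
    Returns None when the line negotiates nothing or fails the checks.
    """
    ep = parse_endpoint(line)
    if ep is None:
        return None
    ip, port = ep
    active = line.strip().upper().startswith("PORT")
    # Active mode: the client announces where the server must connect.
    # Passive mode: the server announces where the client must connect.
    owner, peer = (client_ip, server_ip) if active else (server_ip, client_ip)
    # Assumed policy: the announced address must belong to the host that sent
    # it, and ports below 1024 are refused, so no third host becomes reachable.
    if ipaddress.ip_address(ip) != ipaddress.ip_address(owner) or port < 1024:
        return None
    return {"src": peer, "dst": ip, "dport": port, "proto": "tcp"}


if __name__ == "__main__":
    # Constructed control-channel lines using RFC 5737 documentation addresses.
    for sample in ("PORT 198,51,100,7,4,1",
                   "227 Entering Passive Mode (192,0,2,10,195,80)",
                   "PORT 203,0,113,5,4,1"):
        print(sample, "->", pinhole_for(sample, "198.51.100.7", "192.0.2.10"))
```

The rule is scoped to one source, one destination and one port, which is why only the control port needs a standing firewall rule.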
ALG Concepts
Table 4-12 shows the ALGs supported by the TMS zl Module. The FTP ALG is
enabled by default; all other ALGs are disabled by default. It is best practice
to enable only the ALGs you need, because they open ports on your network
and use system resources.
In addition to listing the ALGs by name, Table 4-12 provides this information
for each ALG:
- Control port
  See “Control Port” on page 4-89 for an explanation of why you need to know about the control port.
- ALG type
  See “ALG Types” on page 4-90 for an explanation of the types of support provided by ALGs.