alg

Enables traffic filtering at the application layer using the ALG (Application Layer Gateway) feature.

Supported in the following platforms:

  • Access Points — AP505i, AP510i/e, AP560i/h
  • Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000

Syntax

alg [dns|facetime|ftp|pptp|sccp|sip|tftp]

Parameters

alg [dns|facetime|ftp|pptp|sccp|sip|tftp]

alg

Enables traffic filtering at the application layer. The ALG provides filters for the following common protocols: DNS, Facetime, FTP, PPTP, SCCP, SIP, and TFTP.

dns

Allows DNS (Domain Name System) traffic through the firewall using its default ports. This option is enabled by default.

When enabled, you can easily permit or deny traffic based on a packet's DNS name, instead of the IP address. Use this option when configuring ACLs allowing or denying traffic for Web sites that have a single domain name resolving to any one of multiple IP addresses.

facetime

Allows Apple's FaceTime video calling traffic through the firewall using its default ports. This option is disabled by default.

ftp

Allows FTP (File Transfer Protocol) traffic through the firewall using its default ports. This option is enabled by default.

pptp

Allows PPTP (Point-to-Point Tunneling Protocol) traffic through the firewall using its default ports. PPTP, a network protocol, enables secure transfer of data from a remote client to an enterprise server by encapsulating PPP packets into IP datagrams for transmission over the Internet or other public TCP/IP-based networks. This option is enabled by default.

sccp

Allows SCCP (Signalling Connection Control Part) traffic through the firewall using its default ports. This option is disabled by default.

SCCP is a network protocol that provides routing, flow control and error correction in telecommunication networks.

sip

Allows SIP (Session Initiation Protocol) traffic through the firewall using its default ports. This option is disabled by default.

tftp

Enables the TFTP (Trivial File Transfer Protocol) algorithm. When enabled, allows TFTP traffic through the firewall using its default ports. This option is enabled by default.

Examples

nx9500-6C8809(config-fw-policy-testFW)#show context
firewall-policy testFW
 no ip dos tcp-sequence-past-window
 alg facetime
nx9500-6C8809(config-fw-policy-testFW)#
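
Because show context lists only settings that differ from their defaults, the ALGs a policy actually opens have to be worked out from the defaults documented above. The following audit script is an added example, not part of the vendor documentation; it assumes a default-enabled ALG that has been turned off appears as a "no alg <name>" line, and the function names and the extra sample line are hypothetical.

```python
import re

# Default ALG state as documented on this page (True = enabled by default).
ALG_DEFAULTS = {
    "dns": True, "facetime": False, "ftp": True, "pptp": True,
    "sccp": False, "sip": False, "tftp": True,
}

# Matches "alg <name>" or "no alg <name>" inside a firewall-policy context.
ALG_LINE = re.compile(r"^\s*(no\s+)?alg\s+(\S+)\s*$")


def effective_algs(show_context: str) -> dict:
    """Return {policy_name: {alg: enabled}} from 'show context' output."""
    policies, current = {}, None
    for line in show_context.splitlines():
        if line.startswith("firewall-policy "):
            current = line.split(None, 1)[1].strip()
            policies[current] = dict(ALG_DEFAULTS)
            continue
        if line and not line[0].isspace():
            current = None  # prompt or other top-level line: left the policy block
            continue
        m = ALG_LINE.match(line)
        if m and current is not None:
            negated, name = m.groups()
            if name not in ALG_DEFAULTS:
                raise ValueError(f"unknown ALG {name!r} in policy {current}")
            policies[current][name] = negated is None
    return policies


def deviations(state: dict) -> dict:
    """Return the ALGs whose state differs from the documented default."""
    return {alg: on for alg, on in state.items() if ALG_DEFAULTS[alg] != on}


# Constructed sample: the page's testFW context plus an assumed 'no alg pptp' line.
SAMPLE = """\
firewall-policy testFW
 no ip dos tcp-sequence-past-window
 alg facetime
 no alg pptp
"""

if __name__ == "__main__":
    for policy, state in effective_algs(SAMPLE).items():
        enabled = sorted(a for a, on in state.items() if on)
        print(policy, "enabled:", enabled, "non-default:", deviations(state))
```
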

Related Commands

no

Removes or reverts ALG-related settings