Chapter 19 ALG
ZyWALL USG 50 User's Guide

Table 96 Configuration > Network > ALG (continued)
Enable FTP ALG: Turn on the FTP ALG to detect FTP (File Transfer Protocol) traffic and help build FTP sessions through the ZyWALL's NAT. Enabling the FTP ALG also allows you to use the application patrol to detect FTP traffic and manage the FTP traffic's bandwidth (see Chapter 28 on page 437).
Enable FTP Transformations: Select this option to have the ZyWALL modify IP addresses and port numbers embedded in the FTP data payload to match the ZyWALL's NAT environment. Clear this option if you have an FTP device or server that will modify IP addresses and port numbers embedded in the FTP data payload to match the ZyWALL's NAT environment.
FTP Signaling Port: If you are using a custom TCP port number (not 21) for FTP traffic, enter it here.
Additional FTP Signaling Port for Transformations: If you are also using FTP on an additional TCP port number, enter it here.
Apply: Click Apply to save your changes back to the ZyWALL.
Reset: Click Reset to return the screen to its last-saved settings.

19.3 ALG Technical Reference
Here is more detailed information about the Application Layer Gateway.

ALG
Some applications cannot operate through NAT (are NAT un-friendly) because they embed IP addresses and port numbers in their packets' data payload. The ZyWALL examines and uses IP address and port number information embedded in the VoIP traffic's data stream. When a device behind the ZyWALL uses an application for which the ZyWALL has VoIP pass through enabled, the ZyWALL translates the device's private IP address inside the data stream to a public IP address. It also records session port numbers and allows the related sessions to go through the firewall so the application's traffic can come in from the WAN to the LAN.

ALG and Trunks
If you send your ALG-managed traffic through an interface trunk and all of the interfaces are set to active, you can configure routing policies to specify which interface the ALG-managed traffic uses.
You could also have a trunk with one interface set to active and a second interface set to passive. The ZyWALL does not automatically change ALG-managed connections to the second (passive) interface when the active interface's connection goes down. When the active interface's connection fails, the client needs to re-initialize the connection through the second interface (that was set to passive) in order to have the connection go through the second interface. VoIP clients usually re-register automatically at set intervals or the users can manually force them to re-register.
FTP
File Transfer Protocol (FTP) is an Internet file transfer service that operates on the
Internet and over TCP/IP networks. A system running the FTP server accepts
commands from a system running an FTP client. The service allows users to send
commands to the server for uploading and downloading files.
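Active-mode FTP is the classic case of the embedded-address problem described under ALG above: the client's PORT command carries its own private IP address and a data port in the payload, which is what the Enable FTP Transformations option in Table 96 rewrites. The following Python model is an added example, not the ZyWALL's code: it rewrites the private address in a PORT command to the public address and records the data port so the related inbound session can be admitted. The addresses, the signaling-port list and the port counter are constructed assumptions.

```python
import re

# Constructed addresses for the demonstration (not from the manual).
PRIVATE_CLIENT = "192.168.1.27"  # FTP client on the LAN behind the ZyWALL
PUBLIC_WAN = "203.0.113.5"       # ZyWALL WAN address (documentation range)

# Active-mode FTP PORT command: "PORT h1,h2,h3,h4,p1,p2" with port = p1*256 + p2
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n$")

def parse_port(line):
    """Decode a PORT command into (ip, port); None if malformed."""
    m = PORT_RE.match(line)
    if not m:
        return None
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        return None  # refuse rather than guess at an out-of-range octet
    h1, h2, h3, h4, p1, p2 = fields
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2

def format_port(ip, port):
    return "PORT " + ",".join(ip.split(".") + [str(port // 256), str(port % 256)]) + "\r\n"

class FtpAlg:
    """Toy model of the FTP ALG with transformations enabled (an illustration,
    not the ZyWALL's implementation)."""

    def __init__(self, private_ip, public_ip, signaling_ports=(21,)):
        self.private_ip = private_ip
        self.public_ip = public_ip
        self.signaling_ports = set(signaling_ports)  # 21 plus any custom/additional port
        self.next_public_port = 40000  # NAT port allocation simplified to a counter
        self.pinholes = {}  # (public ip, port) -> (private ip, port) the firewall admits

    def transform(self, dst_port, line):
        """Rewrite one control-channel line leaving the LAN; other traffic is untouched."""
        if dst_port not in self.signaling_ports:
            return line  # not FTP signaling: payload is not inspected
        parsed = parse_port(line)
        if parsed is None or parsed[0] != self.private_ip:
            return line  # not a PORT command, or not this client's private address
        public_port = self.next_public_port
        self.next_public_port += 1
        self.pinholes[(self.public_ip, public_port)] = parsed  # record the related session
        return format_port(self.public_ip, public_port)

    def allows_inbound(self, dst_ip, dst_port):
        """Would the firewall admit a WAN-side data connection to this address?"""
        return (dst_ip, dst_port) in self.pinholes
```

With transformations cleared (the second case in Table 96), `transform` would simply return `line` and the FTP server or device itself would have to produce the public address.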
H.323
H.323 is a standard teleconferencing protocol suite that provides audio, data and
video conferencing. It allows for real-time point-to-point and multipoint
communication between client computers over a packet-based network that does
not provide a guaranteed quality of service. NetMeeting uses H.323.
SIP
The Session Initiation Protocol (SIP) is an application-layer control (signaling)
protocol that handles the setting up, altering and tearing down of voice and
multimedia sessions over the Internet. SIP is used in VoIP (Voice over IP), the
sending of voice signals over the Internet Protocol.
SIP signaling is separate from the media for which it handles sessions. The media
that is exchanged during the session can use a different path from that of the
signaling. SIP handles telephone calls and can interface with traditional circuit-
switched telephone networks.
RTP
When you make a VoIP call using H.323 or SIP, the RTP (Real-time Transport
Protocol) is used to handle voice data transfer. See RFC 1889 for details on RTP.
Chapter 20 IP/MAC Binding
20.1 IP/MAC Binding Overview
IP address to MAC address binding helps ensure that only the intended devices get to use privileged IP addresses. The ZyWALL uses DHCP to assign IP addresses and records the MAC address to which it assigned each IP address. The ZyWALL then checks incoming connection attempts against this list. A user cannot manually assign another IP to his computer and use it to connect to the ZyWALL.
Suppose you configure access privileges for IP address 192.168.1.27 and use
static DHCP to assign it to Tim’s computer’s MAC address of 12:34:56:78:90:AB.
IP/MAC binding drops traffic from any computer trying to use IP address
192.168.1.27 with another MAC address.
Figure 205 IP/MAC Binding Example (figure shows Bob, MAC 12:34:56:78:90:AB, IP 192.168.1.27, and Jim, MAC AB:CD:EF:12:34:56, attempting to use IP 192.168.1.27)

20.1.1 What You Can Do in this Chapter
• Use the Summary and Edit screens (Section 20.2 on page 344) to bind IP addresses to MAC addresses.
• Use the Exempt List screen (Section 20.3 on page 347) to configure ranges of IP addresses to which the ZyWALL does not apply IP/MAC binding.
20.1.2 What You Need to Know
DHCP
IP/MAC address bindings are based on the ZyWALL’s dynamic and static DHCP
entries.
Interfaces Used With IP/MAC Binding
IP/MAC address bindings are grouped by interface. You can use IP/MAC binding
with Ethernet, bridge, and VLAN interfaces. You can also enable or disable IP/MAC
binding and logging in an interface's configuration screen.
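The check this section describes, modelled per interface in Python as an added example (not the ZyWALL's own code): bindings are filled from the interface's static and dynamic DHCP leases, addresses in an exempt range are not checked, and a source IP that was not assigned by DHCP or is bound to a different MAC is dropped and, when logging is enabled, logged. The interface names and the exempt range are constructed; the Bob and Jim addresses are the ones from Figure 205.

```python
from ipaddress import ip_address, ip_network

class IpMacBinding:
    """Per-interface model of IP/MAC binding as the chapter describes it
    (an illustration, not the ZyWALL's implementation): bindings come from
    DHCP leases, exempt ranges are not checked, and a frame whose source
    IP is not bound to its source MAC is dropped and, optionally, logged."""

    def __init__(self, interface, enforce=True, log_violations=True, exempt=()):
        self.interface = interface            # e.g. "lan1" (constructed name)
        self.enforce = enforce                # "Enable IP/MAC Binding"
        self.log_violations = log_violations  # "Enable Logs for IP/MAC Binding Violation"
        self.exempt = [ip_network(r) for r in exempt]  # Exempt List ranges in CIDR form
        self.bindings = {}                    # ip -> MAC, from static and dynamic DHCP
        self.log = []                         # violation log lines generated so far

    def lease(self, ip, mac):
        """Record a DHCP assignment (static or dynamic) as a binding."""
        self.bindings[ip] = mac.upper()

    def check(self, ip, mac):
        """Return True if traffic from (ip, mac) may pass this interface."""
        if not self.enforce or any(ip_address(ip) in net for net in self.exempt):
            return True
        bound = self.bindings.get(ip)
        if bound == mac.upper():
            return True
        # Either the IP was never assigned by DHCP or it is bound to another MAC.
        if self.log_violations:
            self.log.append(f"{self.interface}: IP/MAC binding violation "
                            f"src_ip={ip} src_mac={mac.upper()} bound_mac={bound}")
        return False
```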
20.2 IP/MAC Binding Summary
Click Configuration > Network > IP/MAC Binding to open the IP/MAC Binding Summary screen. This screen lists the total number of IP to MAC address bindings for devices connected to each supported interface.
Figure 206 Configuration > Network > IP/MAC Binding > Summary
The following table describes the labels in this screen.
Table 97 Configuration > Network > IP/MAC Binding > Summary
Edit: Double-click an entry or select it and click Edit to open a screen where you can modify the entry's settings.
Activate: To turn on an entry, select it and click Activate.
Inactivate: To turn off an entry, select it and click Inactivate.
#: This field is a sequential value, and it is not associated with a specific entry.
Status: This icon is lit when the entry is active and dimmed when the entry is inactive.
Interface: This is the name of an interface that supports IP/MAC binding.
Number of Binding: This field displays the interface's total number of IP/MAC bindings and IP addresses that the interface has assigned by DHCP.
Apply: Click Apply to save your changes back to the ZyWALL.

20.2.1 IP/MAC Binding Edit
Click Configuration > Network > IP/MAC Binding > Edit to open the IP/MAC Binding Edit screen. Use this screen to configure an interface's IP to MAC address binding settings.
Figure 207 Configuration > Network > IP/MAC Binding > Edit
The following table describes the labels in this screen.
Table 98 Configuration > Network > IP/MAC Binding > Edit
IP/MAC Binding Settings
Interface Name: This field displays the name of the interface within the ZyWALL and the interface's IP address and subnet mask.
Enable IP/MAC Binding: Select this option to have this interface enforce links between specific IP addresses and specific MAC addresses. This stops anyone else from manually using a bound IP address on another device connected to this interface. Use this to make sure only the intended users get to use specific IP addresses.
Enable Logs for IP/MAC Binding Violation: Select this option to have the ZyWALL generate a log if a device connected to this interface attempts to use an IP address not assigned by the ZyWALL.