How do I configure NAT ALG

24

On a Huawei AR router, you can run the nat alg { all | protocol-name } enable command to enable NAT ALG for an application protocol. After NAT ALG for an application protocol is enabled, packets of the application protocol can traverse the NAT device.
Note:
In the command, all indicates that NAT ALG is enabled for DNS, FTP, SIP, PPTP, and RSTP. protocol-name indicates that NAT ALG is enabled for a specified protocol. The value can be dns, ftp, sip, pptp, or rtsp.
The AR510 does not support NAT ALG for SIP.

Other related questions:
Configuring interzone NAT ALG through the CLI on the USG6000
The USG6000 series supports configuring interzone NAT ALG through the CLI. For example, enable the NAT ALG function for the FTP protocol in the interzone between the Trust zone and the Untrust zone. system-view [sysname] firewall interzone trust untrust [sysname-interzone-trust-untrust] detect ftp For details, see the USG6000 series product documentation.

Configuring intrazone NAT ALG through the CLI on the USG6000
The USG6000 series supports configuring intrazone NAT ALG through the CLI. For example, enable the NAT ALG function for the FTP protocol in the Trust zone. system-view [sysname] firewall zone trust [sysname-zone-trust] detect ftp For details, see the USG6000 series product documentation.

Configuring global NAT ALG through the CLI on the USG6000
To simplify configurations, the USG6000 series supports configuring the global NAT ALG function. Enabling the global ASPF function equals to enabling the interzone and intrazone NAT ALG functions. The global NAT ALG function and interzone/intrazone NAT ALG function are logically ORed. Select one of them as required. For example, configure the global NAT ALG function to detect FTP traffic. system-view [sysname] firewall detect ftp

Protocol that requires the firewall to enable the NAT ALG
Generally, it is recommended that NAT ALG be enabled for FTP, PPTP, and SQLNET. Because SIP and RTSP support NAT traversal, NAT ALG is not recommended when services are normal.

Whether the NAT ALG supports the fragmented packet processing
The NAT ALG does not support the fragmented packet processing.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top