Time at which the USG9000 series shall have the NAT ALG function enabled

2

When the NAT function and the forwarding of the packets of multi-channel protocols (such as FTP) are enabled on the device, you should enable the corresponding NAT ALG function. As multi-channel protocols negotiate temporary port numbers for transmitting packets during communications, the device adopts the NAT ALG function to automatically detect the port information in the negotiation packet to ensure that the packets of these protocols are correctly translated.

Other related questions:
Protocol that requires the firewall to enable the NAT ALG
Generally, it is recommended that NAT ALG be enabled for FTP, PPTP, and SQLNET. Because SIP and RTSP support NAT traversal, NAT ALG is not recommended when services are normal.

Scenarios for enabling the NAT ALG function on the USG2000 and USG5000
If a device on which the NAT is enabled needs to forward multichannel protocol packets (such as FTP), you must enable the NAT ALG function. Because these protocols negotiate temporary port numbers during the communications to transmit packets, the NAT ALG function can automatically detect the IP address and port information in the negotiation packets, so that these protocols can be correctly converted.

For what protocol enabling the NAT ALG function is recommended
In normal cases, you are advised to enable NAT ALG for FTP, PPTP, and SQLNET protocols. SIP and RTSP support NAT traversal. Therefore, you are advised not to enable NAT ALG for them.

How do I configure NAT ALG
On a Huawei AR router, you can run the nat alg { all | protocol-name } enable command to enable NAT ALG for an application protocol. After NAT ALG for an application protocol is enabled, packets of the application protocol can traverse the NAT device. Note: In the command, all indicates that NAT ALG is enabled for DNS, FTP, SIP, PPTP, and RSTP. protocol-name indicates that NAT ALG is enabled for a specified protocol. The value can be dns, ftp, sip, pptp, or rtsp. The AR510 does not support NAT ALG for SIP.

Enabling the SLB function on the USG9000 series
Run the slb enable command in the system view to enable the server load balancing function.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top