Protocols for which NAT ALG should be enabled on the firewall

Generally, it is recommended that NAT ALG be enabled for FTP, PPTP, and SQLNET.
Because SIP and RTSP support NAT traversal themselves, enabling NAT ALG for them is not recommended as long as services are working normally.

Other related questions:
For which protocols is enabling the NAT ALG function recommended
In normal cases, you are advised to enable NAT ALG for the FTP, PPTP, and SQLNET protocols. SIP and RTSP support NAT traversal. Therefore, you are advised not to enable NAT ALG for them.

How do I configure NAT ALG
On a Huawei AR router, you can run the nat alg { all | protocol-name } enable command to enable NAT ALG for an application protocol. After NAT ALG for an application protocol is enabled, packets of the application protocol can traverse the NAT device.
Note: In the command, all indicates that NAT ALG is enabled for DNS, FTP, SIP, PPTP, and RTSP. protocol-name indicates that NAT ALG is enabled for a specified protocol. The value can be dns, ftp, sip, pptp, or rtsp. The AR510 does not support NAT ALG for SIP.

Scenarios for enabling the NAT ALG function on the USG2000 and USG5000
If a device on which NAT is enabled needs to forward packets of multichannel protocols (such as FTP), you must enable the NAT ALG function. These protocols negotiate temporary port numbers during communication and use them to transmit packets. The NAT ALG function automatically detects the IP address and port information in the negotiation packets, so that these protocols can be translated correctly.
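
The detection and translation described above, shown for FTP as an added example (not Huawei's implementation and not code from this page): it finds the address and port negotiated in a PORT command or 227 reply and rewrites them to the NAT device's public endpoint. The function names, the addresses, and the port allocator are assumptions, and the sample line is constructed.

```python
import re

# h1,h2,h3,h4,p1,p2 tuple carried by FTP PORT commands and 227 (PASV) replies, RFC 959
HOSTPORT = re.compile(r"(?<!\d)\d{1,3}(?:,\d{1,3}){5}(?!\d)")

def parse_endpoint(line):
    """Return (ip, port, span) for a PORT command or 227 reply, else None."""
    if not (line.upper().startswith("PORT ") or line.startswith("227 ")):
        return None
    m = HOSTPORT.search(line)
    if m is None:
        return None
    nums = [int(n) for n in m.group().split(",")]
    if max(nums) > 255:
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5], m.span()

def alg_rewrite(line, sender_ip, public_ip, alloc_port):
    """Translate the endpoint embedded in one control-channel line.

    sender_ip  : private address of the host that sent the line (assumed input)
    public_ip  : address the NAT device presents externally (assumed input)
    alloc_port : callable returning a free public port (hypothetical allocator)
    Returns (new_line, mapping, length_delta); mapping is None if nothing changed.
    """
    parsed = parse_endpoint(line)
    if parsed is None:
        return line, None, 0
    ip, port, (start, end) = parsed
    # Only translate an endpoint that belongs to the sender; an embedded address
    # naming some other host is left alone so no mapping is opened for it.
    if ip != sender_ip:
        return line, None, 0
    pub_port = alloc_port()
    tup = public_ip.replace(".", ",") + ",%d,%d" % divmod(pub_port, 256)
    new_line = line[:start] + tup + line[end:]
    mapping = {"public": (public_ip, pub_port), "private": (ip, port)}
    # A changed payload length means TCP sequence numbers must be adjusted too.
    return new_line, mapping, len(new_line) - len(line)

if __name__ == "__main__":
    # Constructed sample: inside client 192.168.1.10 announces data port 50000.
    sample = "PORT 192,168,1,10,195,80"
    print(alg_rewrite(sample, "192.168.1.10", "203.0.113.5", lambda: 40000))
```

Without this rewrite the peer would try to open the data connection to the private address, which is why FTP fails through NAT when ALG is disabled.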

Configuring intrazone NAT ALG through the CLI on the USG6000
The USG6000 series supports configuring intrazone NAT ALG through the CLI. For example, enable the NAT ALG function for the FTP protocol in the Trust zone.

    system-view
    [sysname] firewall zone trust
    [sysname-zone-trust] detect ftp

For details, see the USG6000 series product documentation.

Configuring interzone NAT ALG through the CLI on the USG6000
The USG6000 series supports configuring interzone NAT ALG through the CLI. For example, enable the NAT ALG function for the FTP protocol in the interzone between the Trust zone and the Untrust zone.

    system-view
    [sysname] firewall interzone trust untrust
    [sysname-interzone-trust-untrust] detect ftp

For details, see the USG6000 series product documentation.