ALG or Application Layer Gateway is a software component that manages specific application protocols such as SIP (Session Initiation Protocol) and FTP (File Transfer Protocol). An ALG acts as an intermediary between the Internet and an application server that can understand the application protocol. The ALG appears as the end point server and controls whether to allow or deny traffic to the application server. It does this by intercepting and analysing the specified traffic, allocating resources, and defining dynamic policies to allow traffic to pass through the gateway.
An ALG has the following functions:
- It allows client applications to use dynamic TCP / UDP ports to communicate with known ports used by server applications, even if the firewall configuration allows traffic through only a limited number of ports. Without an ALG, the ports would either get blocked, or the network administrator would need to open up a large number of ports in the firewall, weakening the network and allowing potential attacks on those ports.
- It recognises application specific commands and offers security controls over them.
- It can convert the network layer address information that is found in an application payload.
- Synchronises multiple streams or sessions between hosts.