ALG Overview 27• Global basis: number of packets received and transmittedALG OverviewWhenever traffic is allowed to go out based on outbound policies, thefirewall receives inbound traffic as a response to the outgoing traffic. Inorder to allow the inbound traffic to pass, the firewall creates a temporaryinbound policy which expires upon the expiry of the firewall connection.This dynamic inbound policy creation requires intimate knowledge of theapplications generating the traffic.To create these policies, the stateful firewall uses Application LevelGateways (ALG). ALGs are application-aware and support dynamic portopening, providing the supported applications with the required ports toreceive traffic across the firewall.By default, all ALGs are enabled on the firewall. You can choose to disableALG processing, yet keep firewall processing. You can disable one ALG,multiple ALGs, or all ALGs.Supported ALGsThe following sections describe the ALGs supported by the SR4134 firewall.General• FTP• ICMP (Echo, Echo response, Destination unreachable, time exceedand source quench)• SQLNetVideo and streaming applications• RTSP• QuickTime• RealPlayer (Real Audio and Real Video)• H.323 (ASN1 PER encoding and decoding included)• NetMeeting• Intel Video Phone• CuseeMe 5.0• SIPCommunication• Internet ChatNortel Secure Router 4134Security — Configuration and ManagementNN47263-600 01.02 Standard10.0 3 August 2007Copyright © 2007, Nortel Networks.