Application Layer Gateways

Colton Conor colton.conor at gmail.com
Fri Sep 22 03:10:48 UTC 2017


Working with an ISP, we recently deployed Comtrend VDSL routers, and
Alcatel-Lucent GPON ONTs. Both of these devices use chipsets made by
Broadcom, and as such probably use the same underlying Broadcom operating
system, if I had to guess. They are different chipsets though, as one is for
VDSL2 and the other for GPON.

By default, the Comtrend had the following Firewall -- ALG/Pass-Throughs
enabled:

FTP
H323
IPSec
IRC
PPTP
RTSP
SIP
TFTP

On the Alcatel-Lucent (Nokia) ONT, the following came enabled by default
from the factory:

FTP
H323
IPSEC
L2TP
PPTP
RTSP
SIP
TFTP


The only difference between these two is that the Comtrend has IRC as an ALG,
and Alcatel has L2TP as a protocol type. The other seven ALG protocols are
the same.

My question is, in general, is it a good idea to disable all Application
Layer Gateways?

The only ALG I have had experience with was a SIP ALG. Almost all SIP
providers strongly recommend you disable SIP ALGs as it does more harm and
breaks more things than it does good, so we always disable SIP ALG. But
what about the other protocols on these two? Do you think they should be
enabled or disabled by default?

I am leaning towards disabling them all for our standard config.



More information about the NANOG mailing list