FTP port commands use IP addresses that are configured on endpoint interfaces, which in the case of a host behind a NAT firewall are usually unreachable from the Internet. In this case, the endpoints do not always realize that their addresses are being translated midstream. Once the session is complete, the gateway closes immediately.

FTP ALG also handles the special case when an FTP session passes through a NAT interface. ALG dynamically opens a specific combination of source and destination IP ports in the firewall policy that allows a session to be established. Because these data channels can connect to any port, it is almost impossible to create a static firewall policy that allows these data channels and still provides adequate protection.

FTP ALG automatically solves this problem by monitoring the FTP command channel, looking for FTP port commands that indicate which source and destination ports are being requested.
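The command-channel monitoring and NAT rewrite described above can be sketched as follows. This is an added example, not code from the original page or from any firewall product; the function names, the `Pinhole` structure, the address check against the control-channel source, and the sample addresses are all assumptions made for illustration.

```python
import re
from typing import NamedTuple, Optional, Tuple

# RFC 959 active mode: "PORT h1,h2,h3,h4,p1,p2", data port = p1*256 + p2
PORT_RE = re.compile(rb"PORT ((?:\d{1,3},){5}\d{1,3})\r\n", re.IGNORECASE)

class Pinhole(NamedTuple):
    """Temporary policy entry (hypothetical structure) for one data channel."""
    src_ip: str    # FTP server, which initiates the active-mode data connection
    dst_ip: str    # public NAT address the server will connect to
    dst_port: int  # public NAT port
    fwd_ip: str    # internal client address the gateway forwards to
    fwd_port: int  # internal client port taken from the PORT command

def parse_port(line: bytes) -> Optional[Tuple[str, int]]:
    """Return (ip, port) from a PORT command, or None if it is not one."""
    m = PORT_RE.fullmatch(line)
    if not m:
        return None
    n = [int(x) for x in m.group(1).split(b",")]
    if any(v > 255 for v in n):
        return None
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def alg_handle(line: bytes, client_ip: str, server_ip: str,
               nat_ip: str, nat_port: int):
    """Return (line to forward or None to drop, Pinhole or None)."""
    parsed = parse_port(line)
    if parsed is None:
        return line, None  # not a PORT command: forward unchanged, open nothing
    ip, port = parsed
    # Assumed policy: only open a pinhole toward the host that owns the
    # control connection, so a PORT naming a third party is dropped.
    if ip != client_ip:
        return None, None
    # Rewrite the private address and port to the NAT mapping the server can reach.
    rewritten = "PORT {},{},{}\r\n".format(
        nat_ip.replace(".", ","), nat_port >> 8, nat_port & 0xFF).encode()
    return rewritten, Pinhole(server_ip, nat_ip, nat_port, ip, port)

if __name__ == "__main__":
    # Constructed sample: private client, documentation-range public addresses.
    print(alg_handle(b"PORT 192,168,1,10,19,137\r\n",
                     "192.168.1.10", "198.51.100.20", "203.0.113.5", 40000))
```

The returned `Pinhole` would be removed again when the data session ends, matching the page's point that the opening is temporary rather than a static rule.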