What is ALG?
ALG (Application Layer Gateway) is a network function that manages application protocols such as SIP (Session Initiation Protocol) and FTP (File Transfer Protocol). An ALG understands the application protocol and acts as an intermediary between the Internet and an application server. The ALG appears as the endpoint server and controls whether to allow or deny traffic to the application server.
It does this by intercepting and analyzing the specified traffic, allocating resources, and defining dynamic policies to allow traffic to pass through the gateway. An ALG can be useful for certain protocols, but for some, such as SIP, it may cause issues, and disabling it is often recommended in VoIP environments.

ALG Functions and Network Behavior
- It allows client applications to use dynamic TCP/UDP ports to communicate with known ports used by server applications, even if the firewall configuration allows traffic through only a limited number of ports. Without an ALG, the ports would either get blocked, or the network administrator would need to open up a large number of ports in the firewall, weakening the network and allowing potential attacks on those ports.
- It recognizes application-specific commands and offers security controls over them.
- It can convert the network layer address information that is found in an application payload.
- It synchronizes multiple streams or sessions between hosts.

In VoIP networks, ALG – especially SIP ALG – is known to interfere with call setup and audio. For most VoIP systems like 3CX, it’s best to disable SIP ALG on routers or firewalls to ensure call reliability.
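
The dynamic-port, command-inspection and address-conversion functions listed above can be seen together in a small sketch for active-mode FTP, where the client's PORT command carries its own IP address and port in the payload. This is an added example, not code from the original page or from any product; the `FtpAlg` and `Pinhole` names, the drop policy and the documentation-range addresses are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Active-mode FTP: the client tells the server where to connect back to.
PORT_RE = re.compile(rb"PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n")

@dataclass(frozen=True)
class Pinhole:
    """Temporary rule: server_ip may connect to public_ip:public_port."""
    server_ip: str
    public_ip: str
    public_port: int
    inside_ip: str
    inside_port: int

class FtpAlg:
    """Hypothetical ALG for the FTP control channel (illustration only)."""
    def __init__(self, public_ip, first_port=50000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.pinholes = []

    def inspect(self, client_ip, server_ip, line):
        """Return the line to forward to the server, or None to drop it."""
        m = PORT_RE.fullmatch(line)
        if m is None:
            return line  # not a PORT command: forward unchanged
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            return None  # malformed address or port octet
        inside_ip = ".".join(str(n) for n in nums[:4])
        inside_port = nums[4] * 256 + nums[5]
        # Assumed policy: open a pinhole only back to the host that sent the
        # command, and never to a privileged port.
        if inside_ip != client_ip or inside_port < 1024:
            return None
        public_port = self.next_port
        self.next_port += 1
        # Dynamic policy: one mapping for one server, instead of a port range.
        self.pinholes.append(
            Pinhole(server_ip, self.public_ip, public_port, inside_ip, inside_port))
        # Convert the address carried inside the payload to the public one.
        hi, lo = divmod(public_port, 256)
        addr = self.public_ip.replace(".", ",")
        return f"PORT {addr},{hi},{lo}\r\n".encode()

if __name__ == "__main__":
    alg = FtpAlg("203.0.113.10")  # constructed documentation addresses
    print(alg.inspect("192.168.1.20", "198.51.100.5", b"PORT 192,168,1,20,19,137\r\n"))
```

The rewritten command changes the payload the server sees, which is the same kind of in-flight modification that the page reports as causing trouble when applied to SIP.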