http://dbpedia.org/page/Application-level_gateway

In the context of computer networking, an application-level gateway (also known as ALG or application layer gateway) consists of a security component that augments a firewall or NAT employed in a computer network. It allows customized NAT traversal filters to be plugged into the gateway to support address and port translation for certain application layer "control/data" protocols such as FTP, BitTorrent, SIP, RTSP, file transfer in IM applications etc. In order for these protocols to work through NAT or a firewall, either the application has to know about an address/port number combination that allows incoming packets, or the NAT has to monitor the control traffic and open up port mappings dynamically as required. Legitimate application data can thus be passed through the security checks of the firewall or NAT that would have otherwise restricted the traffic for not meeting its limited filter criteria.

Property	Value
p:abstract	In the context of computer networking, an application-level gateway (also known as ALG or application layer gateway) consists of a security component that augments a firewall or NAT employed in a computer network. It allows customized NAT traversal filters to be plugged into the gateway to support address and port translation for certain application layer "control/data" protocols such as FTP, BitTorrent, SIP, RTSP, file transfer in IM applications etc. In order for these protocols to work through NAT or a firewall, either the application has to know about an address/port number combination that allows incoming packets, or the NAT has to monitor the control traffic and open up port mappings dynamically as required. Legitimate application data can thus be passed through the security checks of the firewall or NAT that would have otherwise restricted the traffic for not meeting its limited filter criteria. An ALG may offer the following functions: allowing client applications to use dynamic ephemeral TCP/ UDP ports to communicate with the known ports used by the server applications, even though a firewall-configuration may allow only a limited number of known ports. In the absence of an ALG, either the ports would get blocked or the network administrator would need to explicitly open up a large number of ports in the firewall — rendering the network vulnerable to attacks on those ports. converting the network layer address information found inside an application payload between the addresses acceptable by the hosts on either side of the firewall/NAT. This aspect introduces the term 'gateway' for an ALG. recognizing application-specific commands and offering granular security controls over them synchronizing between multiple streams/sessions of data between two hosts exchanging data. For example, an FTP application may use separate connections for passing control commands and for exchanging data between the client and a remote server. During large file transfers, the control connection may remain idle. An ALG can prevent the control connection getting timed out by network devices before the lengthy file transfer completes. Deep packet-inspection of all the packets handled by ALGs over a given network makes this functionality possible. An ALG understands the protocol used by the specific applications that it supports. For instance, Session Initiation Protocol Back-to-Back User agent . An ALG can allow firewall traversal with SIP. If the firewall has its SIP traffic terminated on an ALG then the responsibility for permitting SIP sessions passes to the ALG instead of the firewall. An ALG can solve another major SIP headache: NAT traversal. Basically a NAT with inbuilt ALG can re-write information within the SIP messages and can hold address-bindings until the session terminates. An ALG is very similar to a proxy server, as it sits between the client and real server, facilitating the exchange. There seems to be an industry convention that an ALG does its job without the application being configured to use it, by intercepting the messages. A proxy, on the other hand, usually needs to be configured in the client application. The client is then explicitly aware of the proxy and connects to it, rather than the real server. (en) Application-level gateway, или ALG (англ. «шлюз прикладного уровня») — компонент NAT-маршрутизатора, который понимает какой-либо прикладной протокол, и при прохождении через него пакетов этого протокола модифицирует их таким образом, что находящиеся за NAT’ом пользователи могут пользоваться протоколом. (ru) Un Application-level gateway o ALG è una componente di sicurezza dei firewall in una rete di computer. Permette ai filtri NAT personalizzati di essere aggiunti al gateway per fornire l'indirizzo e la porta di traduzione per certi protocolli del livello applicazione come FTP, BitTorrent, SIP, RTSP, trasferimento file e applicazioni IM. (it)
p:hasPhotoCollection	http://www4.wiwiss.fu-berlin.de/flickrwrappr/photos/Application-level_gateway
rdf:type	yago:WindowsServices opencyc:LocalProgram opencyc:BackEndUtilityProgram opencyc:MicrosoftComputerProgram
rdfs:comment	In the context of computer networking, an application-level gateway (also known as ALG or application layer gateway) consists of a security component that augments a firewall or NAT employed in a computer network. It allows customized NAT traversal filters to be plugged into the gateway to support address and port translation for certain application layer "control/data" protocols such as FTP, BitTorrent, SIP, RTSP, file transfer in IM applications etc. In order for these protocols to work through NAT or a firewall, either the application has to know about an address/port number combination that allows incoming packets, or the NAT has to monitor the control traffic and open up port mappings dynamically as required. Legitimate application data can thus be passed through the security checks of the firewall or NAT that would have otherwise restricted the traffic for not meeting its limited filter criteria. (en) Application-level gateway, или ALG (англ. «шлюз прикладного уровня»)� — компонент NAT-маршрутизатора, который понимает какой-либо прикладной протокол, и при прохождении через него пакетов этого протокола модифицирует их таким образом, что находящиеся за NAT’ом пользователи могут пользоваться протоколом. (ru) Un Application-level gateway o ALG è una componente di sicurezza dei firewall in una rete di computer. Permette ai filtri NAT personalizzati di essere aggiunti al gateway per fornire l'indirizzo e la porta di traduzione per certi protocolli del livello applicazione come FTP, BitTorrent, SIP, RTSP, trasferimento file e applicazioni IM. (it)
rdfs:label	Application-level gateway (en) Application-level gateway (ru) Application-level gateway (it)
owl:sameAs	http://rdf.freebase.com/ns/guid.9202a8c04000641f8000000000dbf497 opencyc:ApplicationLayerGatewayService_TheProgram
skos:subject	dbpedia:Category:Computer_network_security dbpedia:Category:Network-related_software dbpedia:Category:Windows_services
foaf:page	http://en.wikipedia.org/wiki/Application-level_gateway
is p:redirect of	dbpedia:Alg.exe dbpedia:Application_Level_Gateway dbpedia:Application_Layer_Gateway
is owl:sameAs of	http://mpii.de/yago/resource/Application-level_gateway

Application-level gateway