Re: Application Layer Gateways

2017-09-23 Thread Jean-Francois Mezei
What you do with the CPE "firewall" settings depends on what sort of ISP you are. Do you cater to geeks or aunts/grand mothers? Whatever you do, I would suggest that you document in a place that is easy for customers to find exactlyt what apps/protocols are open/closed with the settings you've de

Re: Application Layer Gateways

2017-09-23 Thread Stephen Satchell
On 09/23/2017 07:47 AM, Ca By wrote: > On Sat, Sep 23, 2017 at 7:13 AM Colton Conor wrote: >> Just not sure why big vendors like Alcatel and Comtrend would have them >> enabled by default if they do more harm than good? > Turns out vendors focus on building and selling gear but are not > experienc

Re: Application Layer Gateways

2017-09-23 Thread Ca By
fault >>> from the factory: >>> >>> FTP >>> H323 >>> IPSEC >>> L2TP >>> PPTP >>> RTSP >>> SIP >>> TFTP >>> >>> >>> The only difference between these two is the Comtrend has an IRC as a

Re: Application Layer Gateways

2017-09-23 Thread Colton Conor
gt; >> On the Acatel-Lucent (Nokia) ONT, the following came enabled by default >> from the factory: >> >> FTP >> H323 >> IPSEC >> L2TP >> PPTP >> RTSP >> SIP >> TFTP >> >> >> The only difference between these two is

Re: Application Layer Gateways

2017-09-21 Thread Ca By
type. The other seven ALG protocols as > the same. > > My question is in general, is it a good idea to disable all Application > Layer Gateways? > Yes. ALG are frequently too smart for their own good. > The only ALG I have had experience with was a SIP ALG. Almost all SIP >

Application Layer Gateways

2017-09-21 Thread Colton Conor
between these two is the Comtrend has an IRC as a ALG, and Acatel has L2TP as a protocol type. The other seven ALG protocols as the same. My question is in general, is it a good idea to disable all Application Layer Gateways? The only ALG I have had experience with was a SIP ALG. Almost all SIP