For ALGs that can be viewed via the "get alg" command, the ALG can be globally disabled and enabled with the following commands. If you disable the ALG globally, ALG processing will no longer be triggered for any ALG-related traffic. This applies to ScreenOS 5.4, 6.0, and above.
FW-> unset alg <alg> enable
FW-> set alg <alg> enable
The following example illustrates how the ALG can be selectively disabled for specific networks or host addresses through the policy configuration, using either the WebUI or the CLI:
set policy id 3 from "Trust" to "Untrust" "192.168.1.1/24" "Any" "FTP" permit
set policy id 3 application "IGNORE"
set policy id 3
A corresponding example for the WebUI can be found at KB7078.
NOTE: For hidden ALGs in ScreenOS 5.4 and below, the only way to disable these ALGs is via the policy.
Please refer to the following link for example configuration instructions for the FTP ALG: KB7096
If you need to change the ALG from its predefined port to a custom port, this can also be done via the policy.
Important Note: If you disable the ALG globally and enable the ALG on a policy (by specifying 'set policy id <id> application <service>'), the ALG will still not be triggered. If the ALG is enabled explicitly on a policy, it also needs to be enabled globally in order to take effect.
*For ScreenOS 5.0 and below, the "get alg" command is not available at all.
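The interaction between the global setting, the per-policy "IGNORE" application and the Important Note above can be checked against a saved configuration. The following Python script is an added example, not part of the original article or any Juniper tooling. It assumes the configuration uses the command forms shown above, that an ALG which is not explicitly unset is enabled, and that the ALG name is the lowercase form of the service name; the sample configuration is constructed.

```python
import re

# Constructed sample configuration using the command forms from this article.
SAMPLE_CONFIG = """\
unset alg sip enable
set policy id 3 from "Trust" to "Untrust" "192.168.1.1/24" "Any" "FTP" permit
set policy id 3 application "IGNORE"
set policy id 4 from "Trust" to "Untrust" "Any" "Any" "FTP" permit
set policy id 5 from "Trust" to "Untrust" "Any" "Any" "SIP" permit
set policy id 5 application "SIP"
"""

GLOBAL_RE = re.compile(r'^(set|unset) alg (\S+) enable$')
POLICY_RE = re.compile(
    r'^set policy id (\d+) from "[^"]*" to "[^"]*" "[^"]*" "[^"]*" "([^"]*)" \S+')
APP_RE = re.compile(r'^set policy id (\d+) application "([^"]*)"$')


def audit_alg(config):
    """Return {policy_id: (alg_triggered, reason)} for every policy found."""
    disabled, service, override = set(), {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := GLOBAL_RE.match(line):
            # Assumption: an ALG is enabled unless the config unsets it.
            (disabled.add if m[1] == "unset" else disabled.discard)(m[2].lower())
        elif m := APP_RE.match(line):
            override[int(m[1])] = m[2]
        elif m := POLICY_RE.match(line):
            service[int(m[1])] = m[2]
    report = {}
    for pid, svc in sorted(service.items()):
        app = override.get(pid)
        if app == "IGNORE":
            report[pid] = (False, "ALG disabled on this policy")
        elif (app or svc).lower() in disabled:  # assumed service-to-ALG mapping
            why = "ALG globally disabled"
            if app:
                # The Important Note: a policy cannot re-enable the ALG.
                why += "; policy-level application setting has no effect"
            report[pid] = (False, why)
        else:
            report[pid] = (True, "ALG enabled")
    return report


if __name__ == "__main__":
    for pid, (on, why) in audit_alg(SAMPLE_CONFIG).items():
        print(f"policy {pid}: {'triggered' if on else 'not triggered'} ({why})")
```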