How do I disable an ALG per Policy? How Do I Skip ALG Checking per Policy?

  [KB7078]


Summary:

How do I disable ALG checking per policy?

Symptoms & Errors:

  • ALG traffic is being dropped

Solution:

Note: You will want to disable the ALG function if a particular part of the application function is not supported. Examples include proprietary H.323 or SIP implementations that are not interpreted or not supported by ScreenOS.

After you disable the ALG, the traffic will pass as long as a policy allows it. Most likely you will need to create a custom service to allow the high ports, and then create a policy to permit the incoming traffic that the ALG would normally process. If so, use very specific attributes on the policy, such as the source address, the destination address, and the custom service you created.


To disable or skip ALG checking per policy via the WebUI, perform the following steps:

Open the WebUI.

From the ScreenOS options menu, click Policies.

From the policy you want to edit, click Edit.

From the Service drop-down menu, select the desired service.

From the Application drop-down menu, click to select IGNORE.

When the Application drop-down menu is set to NONE (the default value), ALGs are used.

NOTE: The ALG cannot be disabled on a policy with the ANY Service.

Click OK.

To skip ALG checking per policy via the CLI, perform the following steps:

Open the CLI.

Enter get policy to see the list of existing policies, and note the policy ID of the policy on which you want to disable the ALG.

NOTE: The ALG cannot be disabled on a policy with the ANY Service.

Enter the following command to disable the ALG on that policy:
 
set policy id <policy_id> application ignore
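
An added example, not part of the original article: a Python check that lists the policies with ALG checking skipped and flags any that still use Any for source, destination or service, since those policies should carry very specific attributes. The config line layout in the constructed sample and the function name audit_alg_ignore are assumptions.

```python
import shlex

# Constructed sample, not from a real device. Assumed layout of saved config:
#   set policy id <n> from <zone> to <zone> <src> <dst> <service> <action> ...
#   set policy id <n> application ignore
SAMPLE_CONFIG = '''\
set policy id 10 from "Untrust" to "Trust" "Any" "pbx-internal" "SIP" permit log
set policy id 10 application "IGNORE"
set policy id 11 from "Untrust" to "Trust" "sip-provider" "pbx-internal" "custom-rtp" permit
set policy id 11 application ignore
set policy id 12 from "Trust" to "Untrust" "Any" "Any" "HTTP" permit
'''

def audit_alg_ignore(config_text):
    """Return {policy_id: [findings]} for each policy with ALG checking skipped."""
    policies, ignored = {}, []
    for line in config_text.splitlines():
        tok = shlex.split(line)  # strips the quotes around object names
        if len(tok) < 4 or tok[:3] != ["set", "policy", "id"] or not tok[3].isdigit():
            continue
        pid = int(tok[3])
        if "from" in tok:
            i = tok.index("from")
            if len(tok) >= i + 7:
                # from ZONE to ZONE SRC DST SERVICE
                src, dst, svc = tok[i + 4:i + 7]
                policies[pid] = {"src": src, "dst": dst, "svc": svc}
        elif len(tok) >= 6 and tok[4] == "application" and tok[5].lower() == "ignore":
            ignored.append(pid)
    report = {}
    for pid in ignored:
        p = policies.get(pid)
        if p is None:
            report[pid] = ["policy definition not found"]
            continue
        # A policy that bypasses the ALG should not match "Any" in any field.
        report[pid] = [f"{field} is {p[field]!r}; use a specific object"
                       for field in ("src", "dst", "svc")
                       if p[field].lower() == "any"]
    return report

if __name__ == "__main__":
    for pid, findings in audit_alg_ignore(SAMPLE_CONFIG).items():
        print(pid, findings or "ok: specific source, destination and service")
```
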

  



Note: For additional information, refer to KB13509 - Viewing list of ALGs and disabling an ALG differs on ScreenOS versions.