What is an Application Layer Gateway?

An Application Layer Gateway (ALG) is a security component that controls the communication between clients and application servers. From the client's point of view, the ALG is the target server: it terminates the client connection, analyzes the traffic at the application level, forwards permitted requests to the actual servers and blocks dangerous data. ALGs exist for a range of application protocols such as SIP, FTP, e-mail and HTTP.

What is an Application Layer Gateway?

Application layer gateway is abbreviated ALG; alternative terms are application level gateway and application level proxy. The ALG is an additional security component that controls the communication between clients in insecure networks such as the Internet and the application servers. It is implemented either as a stand-alone device or as software on an existing device such as a firewall.

The gateway acts as the communication partner for the clients and hides the real addresses of the servers. It analyzes the received traffic at the application level, up to layer seven of the ISO/OSI reference model, and then either forwards it to the destination server or blocks it. Application level gateways are available for many protocols and applications, such as SIP (Session Initiation Protocol), FTP (File Transfer Protocol), HTTP (Hypertext Transfer Protocol) or e-mail.


Traffic analysis and the allocation of server resources follow rules defined by the administrator. To analyze traffic down to the application level, an application gateway performs deep packet inspection (DPI): it parses the application protocol itself instead of looking only at addresses and ports. This allows it to detect protocol violations and to filter out malware or other dangerous traffic.

How an application layer gateway works

Like a proxy server, the application level gateway sits in the communication path between client and server. It is placed between the application server and an insecure network such as the Internet, from which the clients try to reach the server.

From the client's point of view, the ALG is the communication partner; the client cannot tell that an additional component is controlling the session. The real IP addresses and ports of the application server remain hidden from the clients. Because the ALG terminates the client's connection, it only sees the application data in the clear if it also terminates any transport encryption: for TLS-protected protocols such as HTTPS, the gateway has to present the server's certificate and hold the matching private key, otherwise it cannot inspect anything above layer four. Since the inspection logic is protocol-specific, a separate application level gateway (or gateway module) is needed for each application protocol.

The ALG parses the respective application protocol up to layer seven of the ISO/OSI reference model. Only traffic that passes the checks is forwarded to the application server. If several servers are present, the gateway can also distribute the connections among them (load balancing).
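As an added example (not code from the original article), the following Python sketch shows the layer-7 decision an HTTP ALG makes for one request: it parses the raw request, rejects protocol violations and disallowed methods, refuses ambiguous body framing, picks one of several hidden backends round-robin, and rewrites the request so that the client never learns the server's address. The policy values, the backend addresses and the `Via` token are assumptions made for this example; a real gateway would wrap socket handling and body buffering around this logic.

```python
import re
from itertools import cycle

# Administrator policy for this gateway (assumed values for the example).
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
MAX_REQUEST_BYTES = 8192
MAX_HEADERS = 50
# Hop-by-hop fields a proxy must not pass on unchanged (RFC 7230, section 6.1).
HOP_BY_HOP = {"connection", "keep-alive", "proxy-connection", "te",
              "trailer", "transfer-encoding", "upgrade"}
# Internal application servers; their addresses never reach the client
# (hypothetical addresses).
BACKENDS = ["10.0.5.11:8080", "10.0.5.12:8080"]
_pool = cycle(BACKENDS)

_TOKEN = re.compile(r"[!#$%&'*+.^_`|~0-9A-Za-z-]+")   # header-name chars (tchar)
_VALUE = re.compile(r"[\t\x20-\x7e]*")                # printable ASCII and HTAB
_TARGET = re.compile(r"/[\x21-\x7e]*")                # origin-form, no controls/space


def inspect_request(raw: bytes, backend: str):
    """Layer-7 check of one complete HTTP/1.1 request.

    Returns ("forward", rewritten_request, backend) when the request is clean,
    or ("drop", reason, None) when it violates the protocol or the policy.
    """
    if len(raw) > MAX_REQUEST_BYTES:
        return ("drop", "request exceeds size limit", None)
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return ("drop", "incomplete request head", None)
    try:
        lines = head.decode("ascii").split("\r\n")
    except UnicodeDecodeError:
        return ("drop", "non-ASCII bytes in request head", None)

    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[2] != "HTTP/1.1":
        return ("drop", "malformed request line", None)
    method, target, version = parts
    if method not in ALLOWED_METHODS:
        return ("drop", f"method {method} not allowed", None)
    if not _TARGET.fullmatch(target) or ".." in target.split("/"):
        return ("drop", "request target is not a clean origin-form path", None)

    headers = []
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # fullmatch rejects bare LF, other control bytes and obs-fold lines,
        # which is what stops header injection at the gateway.
        if not colon or not _TOKEN.fullmatch(name) or not _VALUE.fullmatch(value):
            return ("drop", f"malformed header line {line!r}", None)
        headers.append((name, value.strip()))
    if len(headers) > MAX_HEADERS:
        return ("drop", "too many header fields", None)

    names = [n.lower() for n, _ in headers]
    if names.count("host") != 1:
        return ("drop", "HTTP/1.1 requires exactly one Host field", None)
    if "transfer-encoding" in names:
        # Only Content-Length framing is forwarded. Accepting chunked bodies
        # next to Content-Length is the classic request-smuggling ambiguity.
        return ("drop", "Transfer-Encoding is not accepted at the gateway", None)
    lengths = {v for n, v in headers if n.lower() == "content-length"}
    if len(lengths) > 1 or any(not v.isdigit() for v in lengths):
        return ("drop", "ambiguous Content-Length", None)
    declared = int(lengths.pop()) if lengths else 0
    if declared != len(body):
        # The caller hands over complete requests; a mismatch is a violation.
        return ("drop", "Content-Length does not match the body", None)

    # Rewrite for the server side: real Host, no hop-by-hop fields, a Via
    # field marking the hop (RFC 7230, section 5.7.1), one request per connection.
    out = [f"{method} {target} {version}", f"Host: {backend}"]
    out += [f"{n}: {v}" for n, v in headers
            if n.lower() not in HOP_BY_HOP and n.lower() != "host"]
    out += ["Via: 1.1 alg", "Connection: close", "", ""]
    return ("forward", "\r\n".join(out).encode("ascii") + body, backend)


def handle(raw: bytes):
    """Gateway entry point: pick the next server round-robin, then inspect."""
    return inspect_request(raw, next(_pool))
```

The same structure carries over to any other protocol the gateway supports: a parser that accepts only what the protocol specification allows, a policy layer, and a rewrite step before forwarding. Refusing `Transfer-Encoding` outright is a deliberately conservative choice; a gateway that has to support chunked uploads must normalize the framing itself rather than forward both header fields to the server.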

Typical functions of an ALG

Typical functions provided by an application level gateway include:

  • Application level analysis of traffic between client and server
  • Detection of protocol violations or dangerous traffic
  • Forwarding or dropping traffic depending on defined rules
  • Hiding the internal network and the real server addresses
  • Opening dynamically negotiated TCP/UDP ports for a client only for the duration of its session (for example FTP data connections or SIP media streams), instead of leaving whole port ranges open
  • Filtering active content such as Java applets or ActiveX controls out of transmitted HTML pages
  • Logging of data traffic
  • Allocation of server resources
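The two list items on address hiding and dynamic ports are easiest to see with FTP, whose control channel carries addresses and port numbers inside the protocol. The following Python code is an added example, not part of the original article: it inspects the client's PORT command (active mode) and only opens a pinhole for a port that belongs to the client itself, which blocks the FTP bounce attack, and it rewrites the server's 227 passive-mode reply so the client connects to the gateway instead of learning the server's address. The gateway and server addresses are assumptions for the example, and so is the simplification that the gateway listens on the same port number as the server.

```python
import re

# Addresses assumed for this example: the gateway's public side and the FTP
# server it hides.
ALG_PUBLIC_IP = "203.0.113.10"
FTP_SERVER_IP = "10.0.5.21"

_HOSTPORT = r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
_PORT_CMD = re.compile(r"PORT " + _HOSTPORT + r"\r\n", re.IGNORECASE)
_PASV_REPLY = re.compile(r"227 [^(]*\(" + _HOSTPORT + r"\)")


def _decode(h1, h2, h3, h4, p1, p2):
    """Turn the six RFC 959 byte values into ("a.b.c.d", port)."""
    values = [int(v) for v in (h1, h2, h3, h4, p1, p2)]
    if any(v > 255 for v in values):
        raise ValueError("octet out of range")
    return ".".join(map(str, values[:4])), (values[4] << 8) | values[5]


def _encode(ip: str, port: int) -> str:
    return ",".join(ip.split(".") + [str(port >> 8), str(port & 0xFF)])


def client_command(line: bytes, client_ip: str):
    """Inspect one control-channel line sent by the client.

    ("pinhole", (ip, port))  open the server-to-client data connection (active mode)
    ("forward", None)        any other well-formed command
    ("drop", reason)         protocol or policy violation
    """
    if len(line) > 512 or not line.endswith(b"\r\n"):
        return ("drop", "command not CRLF-terminated or too long")
    try:
        text = line.decode("ascii")
    except UnicodeDecodeError:
        return ("drop", "non-ASCII bytes on control channel")
    if not text.upper().startswith("PORT "):
        return ("forward", None)
    m = _PORT_CMD.fullmatch(text)
    if m is None:
        return ("drop", "malformed PORT argument")
    try:
        ip, port = _decode(*m.groups())
    except ValueError as exc:
        return ("drop", str(exc))
    if ip != client_ip:
        # FTP bounce attack: the client asks the server to connect to a third host.
        return ("drop", f"PORT address {ip} is not the client {client_ip}")
    if port < 1024:
        return ("drop", f"PORT to privileged port {port}")
    return ("pinhole", (ip, port))


def server_reply(line: bytes):
    """Handle one server reply on its way to the client.

    A 227 (passive mode) reply leaks the server's address and port, so it is
    rewritten to the gateway's public address; the returned pinhole tells the
    gateway which server socket to relay to. Other replies pass unchanged.
    Returns (action, line_or_reason, pinhole_or_None).
    """
    text = line.decode("ascii", errors="replace")
    m = _PASV_REPLY.search(text)
    if m is None:
        return ("forward", line, None)
    try:
        ip, port = _decode(*m.groups())
    except ValueError as exc:
        return ("drop", str(exc), None)
    if ip != FTP_SERVER_IP:
        return ("drop", f"PASV reply points to {ip}, not the protected server", None)
    # Assumption: the gateway listens on the same port number on its own address.
    rewritten = text[:m.start(1)] + _encode(ALG_PUBLIC_IP, port) + text[m.end(6):]
    return ("rewrite", rewritten.encode("ascii"), (ip, port))
```

EPRT and EPSV (RFC 2428) carry the same address and port information in a different syntax and need the equivalent treatment; a gateway that inspects only PORT and PASV either breaks those transfers or lets them through uninspected. Closing the pinhole again when the data connection ends or the control session is torn down is the part that keeps "dynamic ports" from quietly becoming "permanently open ports".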

Typical applications for an Application Layer Gateway

Application Layer Gateways exist for numerous applications. For example, they control the traffic between SIP clients on the Internet and a provider's SIP server, between FTP clients and FTP servers, or between web browsers and HTTP servers. Other protocols for which an ALG can be used include IRC (Internet Relay Chat) and H.323. For SIP in particular, the gateway has to rewrite the addresses and ports carried inside the SIP and SDP messages, not only the packet headers; an ALG that does this incorrectly is a common cause of failed registrations or one-way audio, which is why VoIP providers often advise disabling the SIP ALG built into consumer routers.