Application Layer Gateway Service 和 FTP

Application Layer Gateway Service

简称“ALG”（应用层网关），其进程名是alg.exe，WinXP Home/PRO默认安装的启动类型为手动。ALG又被称为代理服务器（Proxy Server），是网络防火墙从功能面上分类的一种。当内部计算机与外部主机连结时，将由代理服务器（Proxy Server）担任内部计算机与外部主机的连结中继者。使用ALG的好处是隐藏内部主机的地址和防止外部不正常的连接，如果代理服务器上未安装针对该应用程序设计的代理程序时，任何属于这个网络服务的封包将完全无法通过防火墙。通俗点说，具体到ALG本身，它就是WinXP附带的Internet连接共享 /防火墙的具体控管程序，如果你需要启用这二者，这个服务是必备的。

*****************************************************************
http://www.cnblogs.com/jjkv3/archive/2009/10/23/1588646.html

深入理解窗口防火墙之一：Windows防火墙服务依存关系

Windows Firewall Service Dependencies

Windows Firewall runs in the Windows Firewall/Internet Connection Sharing service and is dependent on several subsidiary services. If any of the subsidiary services are not running or cannot be started, Windows Firewall might not start or run properly. Windows Firewall depends on the following services.

Application Layer Gateway Service

The Application Layer Gateway Service (sometimes known as the ALG service) is required if you enable Windows Firewall on a computer that is an FTP client or FTP server that does not use PASV FTP. The Application Layer Gateway Service listens for outgoing FTP traffic from an FTP client. It then extracts the port from which the FTP client is expecting to receive data and creates an appropriate dynamic port mapping for the FTP data channel.

The Application Layer Gateway Service and Windows Firewall interact as follows:

    * If the Application Layer Gateway Service is disabled and you try to enable Windows Firewall, Windows Firewall will start, but FTP traffic that does not use PASV FTP might fail.

    * If you stop the Application Layer Gateway Service while Windows Firewall is running, Windows Firewall will continue to run, but FTP traffic that does not use PASV FTP might fail.

    * If the Application Layer Gateway Service is stopped and its startup type is set to Manual, then the Application Layer Gateway Service will attempt to start when you enable Windows Firewall.