An application layer gateway (ALG) is a type of security software or device that acts on behalf of the application servers on a network, protecting the servers and applications from traffic that might be malicious.
An application layer gateway—also known as an application proxy gateway—may perform a variety of functions at the application layer of an infrastructure, commonly known as layer 7 in the OSI model. These functions may include address and port translation, resource allocation, application response control, and synchronization of data and control traffic. By acting as a proxy for the application servers and managing application protocols such as SIP and FTP, an application layer gateway can control application session initiation and shield the application servers by preventing or terminating connections when appropriate to deliver application layer security.
Applications are vital to business operations and daily life, but attacks increasingly target those applications and the application layer of IT infrastructures. To ensure business continuity and protect sensitive data and personally identifiable information (PII), security measures must specifically address the application layer. Application layer gateways are one option for defending applications and the data they contain to ensure secure application delivery.
By acting as a proxy for the application servers and managing application protocols such as SIP and FTP, an application layer gateway typically uses deep packet inspection to detect and block attacks before initiating an application session or allowing traffic to pass to the application. The capabilities of an application layer gateway generally exceed those of an application firewall or web application firewall.