Unable to create Compute Gateway Firewall rule with the error "Unsupported App Level Gateway (ALG) Type" on VMware Cloud on AWS

Article ID: 329928

Products

VMware Cloud on AWS

Issue/Introduction

Symptoms:
In the VMware Cloud on AWS console, creating a Compute Gateway Firewall rule that includes ALG service ports fails with an error like the one below.

Unsupported App Level Gateway (ALG) Type : NBDG_BROADCAST


Cause

Currently, Compute Gateway Firewall rules on VMware Cloud on AWS do not support ALG service ports.
Some of the pre-defined services such as "Microsoft Active Directory" include ALG service ports.
However, ALG service ports will work on Distributed Firewall rules.

Resolution

You can create a custom service in the VMware Cloud on AWS console and add all required service ports to it.
For ALG service ports, replace them with the following TCP/UDP ports.


Port Name         Protocol     Port Number
MS_RPC_TCP        TCP          135 and range of dynamic ports
MS_RPC_UDP        UDP          135
SUN_RPC_TCP       TCP          111
SUN_RPC_UDP       UDP          111
NBDG_BROADCAST    TCP / UDP    137
NBNS_BROADCAST    UDP          138
ORACLE_TNS        TCP          1521

Then apply the custom service to your Compute Gateway Firewall rules.
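
The replacement described above can be applied mechanically to an exported service definition. The following is an added example, not code from VMware or from this article: it assumes the service entries use the NSX Policy API shapes `ALGTypeServiceEntry` and `L4PortSetServiceEntry`, the function name, entry ids and sample data are constructed, and the dynamic RPC port range must be supplied by the caller because the article does not give one.

```python
# Added example: rewrite ALG service entries as plain L4 port entries.
# Port numbers are copied from the table in this article.
ALG_TO_L4 = {
    "MS_RPC_TCP": [("TCP", "135")],  # plus the dynamic range passed by the caller
    "MS_RPC_UDP": [("UDP", "135")],
    "SUN_RPC_TCP": [("TCP", "111")],
    "SUN_RPC_UDP": [("UDP", "111")],
    "NBDG_BROADCAST": [("TCP", "137"), ("UDP", "137")],
    "NBNS_BROADCAST": [("UDP", "138")],
    "ORACLE_TNS": [("TCP", "1521")],
}

# Constructed sample: part of a service that mixes L4 and ALG entries.
SAMPLE = [
    {"resource_type": "L4PortSetServiceEntry", "id": "ldap",
     "l4_protocol": "TCP", "destination_ports": ["389"]},
    {"resource_type": "ALGTypeServiceEntry", "alg": "MS_RPC_TCP"},
    {"resource_type": "ALGTypeServiceEntry", "alg": "NBDG_BROADCAST"},
    {"resource_type": "ALGTypeServiceEntry", "alg": "NBNS_BROADCAST"},
]

def replace_alg_entries(entries, rpc_dynamic_range=None):
    """Return a new entry list with every ALG entry replaced by L4 entries."""
    merged, passthrough = {}, []  # merged: protocol -> ordered port list
    for entry in entries:
        if entry.get("resource_type") != "ALGTypeServiceEntry":
            passthrough.append(entry)  # non-ALG entries are kept unchanged
            continue
        alg = entry["alg"]
        if alg not in ALG_TO_L4:
            raise ValueError(f"no replacement listed for ALG type {alg}")
        ports = list(ALG_TO_L4[alg])
        if alg == "MS_RPC_TCP":
            if not rpc_dynamic_range:
                raise ValueError("MS_RPC_TCP needs the dynamic port range in use")
            ports.append(("TCP", rpc_dynamic_range))
        for proto, port in ports:
            bucket = merged.setdefault(proto, [])
            if port not in bucket:  # avoid duplicate ports per protocol
                bucket.append(port)
    l4 = [{"resource_type": "L4PortSetServiceEntry",
           "id": f"custom-{proto.lower()}",  # hypothetical entry id
           "l4_protocol": proto,
           "destination_ports": ports}
          for proto, ports in sorted(merged.items())]
    return passthrough + l4
```

Unlike an ALG, a static rule leaves the whole dynamic range open at all times, so pass the narrowest range your RPC servers are actually configured to use.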