Unable to create Compute Gateway Firewall rule with the error "Unsupported App Level Gateway (ALG) Type" on VMware Cloud on AWS
Article ID: 329928
Products
VMware Cloud on AWS
Issue/Introduction
Symptoms: In the VMware Cloud on AWS console, creating a Compute Gateway Firewall rule that includes ALG service ports fails with an error like the one below.
Unsupported App Level Gateway (ALG) Type : NBDG_BROADCAST
Cause
Currently, Compute Gateway Firewall rules on VMware Cloud on AWS do not support ALG service ports. Some of the pre-defined services such as "Microsoft Active Directory" include ALG service ports. However, ALG service ports will work on Distributed Firewall rules.
Resolution
You can create a custom service in the VMware Cloud on AWS console and add all required service ports to it. Replace each ALG service port with the following TCP/UDP ports.
| Port Name | Protocol | Port Number |
|---|---|---|
| MS_RPC_TCP | TCP | 135 and range of dynamic ports |
| MS_RPC_UDP | UDP | 135 |
| SUN_RPC_TCP | TCP | 111 |
| SUN_RPC_UDP | UDP | 111 |
| NBDG_BROADCAST | TCP / UDP | 137 |
| NBNS_BROADCAST | UDP | 138 |
| ORACLE_TNS | TCP | 1521 |
Then apply the custom service to your Compute Gateway Firewall rules.
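The replacement described above, as an added example that is not part of the original article or VMware's own code: it rewrites a service's entries so that every ALG entry becomes plain TCP/UDP port entries taken from the table. The entry shapes (ALGTypeServiceEntry, L4PortSetServiceEntry and their fields) are assumed to follow the NSX Policy API, and the display names, the sample entries and the dynamic port range are constructed for illustration.

```python
# Added example: ALG type -> plain L4 ports, copied from the table in this article.
# "DYNAMIC" stands for the "range of dynamic ports", which the article does not specify.
ALG_PORTS = {
    "MS_RPC_TCP": [("TCP", ["135", "DYNAMIC"])],
    "MS_RPC_UDP": [("UDP", ["135"])],
    "SUN_RPC_TCP": [("TCP", ["111"])],
    "SUN_RPC_UDP": [("UDP", ["111"])],
    "NBDG_BROADCAST": [("TCP", ["137"]), ("UDP", ["137"])],
    "NBNS_BROADCAST": [("UDP", ["138"])],
    "ORACLE_TNS": [("TCP", ["1521"])],
}

def expand_alg_entries(entries, dynamic_range):
    """Replace every ALG entry with L4 port-set entries (one per protocol).

    Non-ALG entries pass through unchanged. An ALG type missing from the
    article's table raises ValueError instead of being dropped silently.
    """
    passthrough, ports_by_proto = [], {}
    for entry in entries:
        if entry.get("resource_type") != "ALGTypeServiceEntry":
            passthrough.append(entry)
            continue
        alg = entry["alg"]
        if alg not in ALG_PORTS:
            raise ValueError(f"no port mapping in the article for ALG type {alg}")
        for proto, ports in ALG_PORTS[alg]:
            merged = ports_by_proto.setdefault(proto, [])
            for port in ports:
                port = dynamic_range if port == "DYNAMIC" else port
                if port not in merged:
                    merged.append(port)
    l4 = [{"resource_type": "L4PortSetServiceEntry",
           "display_name": f"custom-{proto.lower()}",  # hypothetical name
           "l4_protocol": proto,
           "destination_ports": ports}
          for proto, ports in sorted(ports_by_proto.items())]
    return passthrough + l4

# Constructed sample: entries of a service that mixes one plain port with ALG types.
SAMPLE_ENTRIES = [
    {"resource_type": "L4PortSetServiceEntry", "display_name": "ldap",
     "l4_protocol": "TCP", "destination_ports": ["389"]},
    {"resource_type": "ALGTypeServiceEntry", "alg": "MS_RPC_TCP"},
    {"resource_type": "ALGTypeServiceEntry", "alg": "NBDG_BROADCAST"},
    {"resource_type": "ALGTypeServiceEntry", "alg": "NBNS_BROADCAST"},
]

if __name__ == "__main__":
    # 49152-65535 is an assumed dynamic range; pass the one your servers use.
    for e in expand_alg_entries(SAMPLE_ENTRIES, "49152-65535"):
        print(e)
```

The dynamic range widens the rule considerably, so keep the source and destination groups of the Compute Gateway Firewall rule as narrow as the application allows.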