Home » ZyXEL Manuals » Networking » ZyXEL ZyWALL USG 20 » Manual Viewer

ZyXEL ZyWALL USG 20 User Guide - Page 357

ALG Technical Reference

Get ZyXEL ZyWALL USG 20 PDF manuals and user guides

View all ZyXEL ZyWALL USG 20 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 357 highlights

Chapter 19 ALG Table 98 Configuration > Network > ALG (continued) LABEL DESCRIPTION Additional FTP Signaling Port for Transformations Apply Reset If you are also using FTP on an additional TCP port number, enter it here. Click Apply to save your changes back to the ZyWALL. Click Reset to return the screen to its last-saved settings. 19.3 ALG Technical Reference Here is more detailed information about the Application Layer Gateway. ALG Some applications cannot operate through NAT (are NAT un-friendly) because they embed IP addresses and port numbers in their packets' data payload. The ZyWALL examines and uses IP address and port number information embedded in the VoIP traffic's data stream. When a device behind the ZyWALL uses an application for which the ZyWALL has VoIP pass through enabled, the ZyWALL translates the device's private IP address inside the data stream to a public IP address. It also records session port numbers and allows the related sessions to go through the firewall so the application's traffic can come in from the WAN to the LAN. ALG and Trunks If you send your ALG-managed traffic through an interface trunk and all of the interfaces are set to active, you can configure routing policies to specify which interface the ALG-managed traffic uses. You could also have a trunk with one interface set to active and a second interface set to passive. The ZyWALL does not automatically change ALG-managed connections to the second (passive) interface when the active interface's connection goes down. When the active interface's connection fails, the client needs to re-initialize the connection through the second interface (that was set to passive) in order to have the connection go through the second interface. VoIP clients usually re-register automatically at set intervals or the users can manually force them to re-register. FTP File Transfer Protocol (FTP) is an Internet file transfer service that operates on the Internet and over TCP/IP networks. A system running the FTP server accepts ZyWALL USG 20/20W User's Guide 357

Section	Page
ZyWALL USG 20/20W	1
About This User's Guide	3
Document Conventions	6
Safety Warnings	8
Contents Overview	9
Table of Contents	11
User’s Guide	27
Introducing the ZyWALL	29
1.1 Overview and Key Default Settings	29
1.2 Wall-mounting	29
1.3 Front Panel	32
1.3.1 Front Panel LEDs	32
1.4 Management Overview	33
1.5 Starting and Stopping the ZyWALL	34
Features and Applications	37
2.1 Features	37
2.2 Applications	39
2.2.1 VPN Connectivity	39
2.2.2 SSL VPN Network Access	39
2.2.3 User-Aware Access Control	41
Web Configurator	43
3.1 Web Configurator Requirements	43
3.2 Web Configurator Access	43
3.3 Web Configurator Screens Overview	45
3.3.1 Title Bar	46
3.3.2 Navigation Panel	47
3.3.3 Main Window	52
3.3.4 Tables and Lists	54
Installation Setup Wizard	59
4.1 Installation Setup Wizard Screens	59
4.1.1 Internet Access Setup - WAN Interface	59
4.1.2 Internet Access: Ethernet	60
4.1.3 Internet Access: PPPoE	61
4.1.4 Internet Access: PPTP	63
4.1.5 ISP Parameters	63
4.1.6 Internet Access - Finish	65
4.2 Device Registration	65
Quick Setup	69
5.1 Quick Setup Overview	69
5.2 WAN Interface Quick Setup	70
5.2.1 Choose an Ethernet Interface	70
5.2.2 Select WAN Type	70
5.2.3 Configure WAN Settings	71
5.2.4 WAN and ISP Connection Settings	72
5.2.5 Quick Setup Interface Wizard: Summary	74
5.3 VPN Quick Setup	75
5.4 VPN Setup Wizard: Wizard Type	76
5.5 VPN Express Wizard - Scenario	77
5.5.1 VPN Express Wizard - Configuration	78
5.5.2 VPN Express Wizard - Summary	79
5.5.3 VPN Express Wizard - Finish	80
5.5.4 VPN Advanced Wizard - Scenario	81
5.5.5 VPN Advanced Wizard - Phase 1 Settings	82
5.5.6 VPN Advanced Wizard - Phase 2	83
5.5.7 VPN Advanced Wizard - Summary	85
5.5.8 VPN Advanced Wizard - Finish	86
Configuration Basics	87
6.1 Object-based Configuration	87
6.2 Zones, Interfaces, and Physical Ports	88
6.2.1 Interface Types	89
6.2.2 Default Interface and Zone Configuration	90
6.3 Terminology in the ZyWALL	91
6.4 Packet Flow	91
6.4.1 Routing Table Checking Flow	92
6.4.2 NAT Table Checking Flow	94
6.5 Feature Configuration Overview	95
6.5.1 Feature	95
6.5.2 Licensing Registration	96
6.5.3 Interface	96
6.5.4 Trunks	96
6.5.5 Policy Routes	96
6.5.6 Static Routes	98
6.5.7 Zones	98
6.5.8 DDNS	98
6.5.9 NAT	98
6.5.10 HTTP Redirect	99
6.5.11 ALG	100
6.5.12 Auth. Policy	100
6.5.13 Firewall	100
6.5.14 IPSec VPN	101
6.5.15 SSL VPN	101
6.5.16 Bandwidth Management	102
6.5.17 ADP	102
6.5.18 Content Filter	102
6.5.19 Anti-Spam	103
6.6 Objects	103
6.6.1 User/Group	104
6.7 System	105
6.7.1 DNS, WWW, SSH, TELNET, FTP, SNMP, Vantage CNM	105
6.7.2 Logs and Reports	105
6.7.3 File Manager	106
6.7.4 Diagnostics	106
6.7.5 Shutdown	106
Tutorials	107
7.1 How to Configure Interfaces, Port Roles, and Zones	107
7.1.1 Configure a WAN Ethernet Interface	108
7.1.2 Configure Port Roles	109
7.1.3 Configure the DMZ Interface for a Local Network	109
7.1.4 Configure Zones	110
7.2 How to Configure a Cellular Interface	111
7.3 How to Configure Load Balancing	113
7.3.1 Set Up Available Bandwidth on Ethernet Interfaces	113
7.3.2 Configure the WAN Trunk	114
7.4 How to Set Up an IPSec VPN Tunnel	116
7.4.1 Set Up the VPN Gateway	117
7.4.2 Set Up the VPN Connection	118
7.4.3 Configure Security Policies for the VPN Tunnel	119
7.5 How to Configure User-aware Access Control	120
7.5.1 Set Up User Accounts	120
7.5.2 Set Up User Groups	121
7.5.3 Set Up User Authentication Using the RADIUS Server	122
7.6 How to Use a RADIUS Server to Authenticate User Accounts based on Groups	124
7.7 How to Use Endpoint Security and Authentication Policies	126
7.7.1 Configure the Endpoint Security Objects	126
7.7.2 Configure the Authentication Policy	128
7.8 How to Configure Service Control	129
7.8.1 Allow HTTPS Administrator Access Only From the LAN	130
7.9 How to Allow Incoming H.323 Peer-to-peer Calls	132
7.9.1 Turn On the ALG	133
7.9.2 Set Up a NAT Policy For H.323	133
7.9.3 Set Up a Firewall Rule For H.323	135
7.10 How to Allow Public Access to a Web Server	136
7.10.1 Create the Address Objects	137
7.10.2 Configure NAT	137
7.10.3 Set Up a Firewall Rule	138
7.11 How to Use an IPPBX on the DMZ	139
7.11.1 Turn On the ALG	141
7.11.2 Create the Address Objects	141
7.11.3 Setup a NAT Policy for the IPPBX	142
7.11.4 Set Up a WAN to DMZ Firewall Rule for SIP	143
7.11.5 Set Up a DMZ to LAN Firewall Rule for SIP	144
7.12 How to Use Multiple Static Public WAN IP Addresses for LAN to WAN Traffic	145
7.12.1 Create the Public IP Address Range Object	145
7.12.2 Configure the Policy Route	146
7.13 How to Set Up a Wireless LAN	146
7.13.1 Set Up User Accounts	147
7.13.2 Create the WLAN Interface	147
7.13.3 Set Up the Wireless Clients to Use the WLAN Interface	150
Technical Reference	163
Dashboard	165
8.1 Overview	165
8.1.1 What You Can Do in this Chapter	165
8.2 The Dashboard Screen	165
8.2.1 The CPU Usage Screen	171
8.2.2 The Memory Usage Screen	172
8.2.3 The Active Sessions Screen	173
8.2.4 The VPN Status Screen	174
8.2.5 The DHCP Table Screen	174
8.2.6 The Number of Login Users Screen	175
Monitor	177
9.1 Overview	177
9.1.1 What You Can Do in this Chapter	177
9.2 The Port Statistics Screen	178
9.2.1 The Port Statistics Graph Screen	180
9.3 Interface Status Screen	181
9.4 The Traffic Statistics Screen	183
9.5 The Session Monitor Screen	186
9.6 The DDNS Status Screen	189
9.7 IP/MAC Binding Monitor	189
9.8 The Login Users Screen	190
9.9 WLAN Status Screen	191
9.10 The following table describes the labels in this menu.Cellular Status Screen	192
9.10.1 More Information	194
9.11 USB Storage Screen	195
9.12 The IPSec Monitor Screen	196
9.12.1 Regular Expressions in Searching IPSec SAs	198
9.13 The SSL Connection Monitor Screen	198
9.14 The Content Filter Statistics Screen	200
9.15 Content Filter Cache Screen	202
9.16 The Anti-Spam Statistics Screen	204
9.17 The Anti-Spam Status Screen	206
9.18 Log Screen	207
Registration	211
10.1 Overview	211
10.1.1 What You Can Do in this Chapter	211
10.1.2 What you Need to Know	211
10.2 The Registration Screen	212
10.3 The Service Screen	214
Interfaces	217
11.1 Interface Overview	217
11.1.1 What You Can Do in this Chapter	217
11.1.2 What You Need to Know	218
11.2 Port Role	220
11.3 Ethernet Summary Screen	222
11.3.1 Ethernet Edit	223
11.3.2 Object References	232
11.4 PPP Interfaces	233
11.4.1 PPP Interface Summary	234
11.4.2 PPP Interface Add or Edit	235
11.5 Cellular Configuration Screen (3G)	239
11.5.1 Cellular Add/Edit Screen	241
11.6 WLAN Interface General Screen	248
11.6.1 WLAN Add/Edit Screen	252
11.6.2 WLAN Add/Edit: WEP Security	258
11.6.3 WLAN Add/Edit: WPA-PSK/WPA2-PSK Security	259
11.6.4 WLAN Add/Edit: WPA/WPA2 Security	260
11.7 WLAN Interface MAC Filter	262
11.8 VLAN Interfaces	264
11.8.1 VLAN Summary Screen	266
11.8.2 VLAN Add/Edit	267
11.9 Bridge Interfaces	274
11.9.1 Bridge Summary	276
11.9.2 Bridge Add/Edit	277
11.9.3 Virtual Interfaces Add/Edit	282
11.10 Interface Technical Reference	284
Trunks	289
12.1 Overview	289
12.1.1 What You Can Do in this Chapter	289
12.1.2 What You Need to Know	290
12.2 The Trunk Summary Screen	292
12.3 Configuring a Trunk	293
12.4 Trunk Technical Reference	295
Policy and Static Routes	297
13.1 Policy and Static Routes Overview	297
13.1.1 What You Can Do in this Chapter	297
13.1.2 What You Need to Know	298
13.2 Policy Route Screen	300
13.2.1 Policy Route Edit Screen	303
13.3 IP Static Route Screen	307
13.3.1 Static Route Add/Edit Screen	308
13.4 Policy Routing Technical Reference	309
Routing Protocols	313
14.1 Routing Protocols Overview	313
14.1.1 What You Can Do in this Chapter	313
14.1.2 What You Need to Know	313
14.2 The RIP Screen	314
14.3 The OSPF Screen	315
14.3.1 Configuring the OSPF Screen	319
14.3.2 OSPF Area Add/Edit Screen	322
14.3.3 Virtual Link Add/Edit Screen	323
14.4 Routing Protocol Technical Reference	324
Zones	327
15.1 Zones Overview	327
15.1.1 What You Can Do in this Chapter	327
15.1.2 What You Need to Know	328
15.2 The Zone Screen	329
15.3 Zone Edit	330
DDNS	331
16.1 DDNS Overview	331
16.1.1 What You Can Do in this Chapter	331
16.1.2 What You Need to Know	331
16.2 The DDNS Screen	332
16.2.1 The Dynamic DNS Add/Edit Screen	334
NAT	337
17.1 NAT Overview	337
17.1.1 What You Can Do in this Chapter	337
17.1.2 What You Need to Know	338
17.2 The NAT Screen	338
17.2.1 The NAT Add/Edit Screen	340
17.3 NAT Technical Reference	343
HTTP Redirect	347
18.1 Overview	347
18.1.1 What You Can Do in this Chapter	347
18.1.2 What You Need to Know	348
18.2 The HTTP Redirect Screen	349
18.2.1 The HTTP Redirect Edit Screen	350
ALG	351
19.1 ALG Overview	351
19.1.1 What You Can Do in this Chapter	351
19.1.2 What You Need to Know	352
19.1.3 Before You Begin	355
19.2 The ALG Screen	355
19.3 ALG Technical Reference	357
IP/MAC Binding	359
20.1 IP/MAC Binding Overview	359
20.1.1 What You Can Do in this Chapter	359
20.1.2 What You Need to Know	360
20.2 IP/MAC Binding Summary	360
20.2.1 IP/MAC Binding Edit	361
20.2.2 Static DHCP Edit	362
20.3 IP/MAC Binding Exempt List	363
Authentication Policy	365
21.1 Overview	365
21.1.1 What You Can Do in this Chapter	365
21.1.2 What You Need to Know	366
21.2 Authentication Policy Screen	366
21.2.1 Creating/Editing an Authentication Policy	369
Firewall	373
22.1 Overview	373
22.1.1 What You Can Do in this Chapter	373
22.1.2 What You Need to Know	374
22.1.3 Firewall Rule Example Applications	376
22.1.4 Firewall Rule Configuration Example	379
22.2 The Firewall Screen	381
22.2.1 Configuring the Firewall Screen	382
22.2.2 The Firewall Add/Edit Screen	385
22.3 The Session Limit Screen	386
22.3.1 The Session Limit Add/Edit Screen	388
IPSec VPN	391
23.1 IPSec VPN Overview	391
23.1.1 What You Can Do in this Chapter	391
23.1.2 What You Need to Know	392
23.1.3 Before You Begin	394
23.2 The VPN Connection Screen	394
23.2.1 The VPN Connection Add/Edit (IKE) Screen	396
23.2.2 The VPN Connection Add/Edit Manual Key Screen	403
23.3 The VPN Gateway Screen	406
23.3.1 The VPN Gateway Add/Edit Screen	407
23.4 IPSec VPN Background Information	415
SSL VPN	427
24.1 Overview	427
24.1.1 What You Can Do in this Chapter	427
24.1.2 What You Need to Know	427
24.2 The SSL Access Privilege Screen	429
24.2.1 The SSL Access Policy Add/Edit Screen	430
24.3 The SSL Global Setting Screen	433
24.3.1 How to Upload a Custom Logo	434
24.4 Establishing an SSL VPN Connection	435
SSL User Screens	437
25.1 Overview	437
25.1.1 What You Need to Know	437
25.2 Remote User Login	438
25.3 The SSL VPN User Screens	443
25.4 Bookmarking the ZyWALL	444
25.5 Logging Out of the SSL VPN User Screens	444
SSL User Application Screens	447
26.1 SSL User Application Screens Overview	447
26.2 The Application Screen	447
ZyWALL SecuExtender	449
27.1 The ZyWALL SecuExtender Icon	449
27.2 Statistics	450
27.3 View Log	451
27.4 Suspend and Resume the Connection	451
27.5 Stop the Connection	452
27.6 Uninstalling the ZyWALL SecuExtender	452
Bandwidth Management	453
28.1 Overview	453
28.1.1 What You Can Do in this Chapter	453
28.1.2 What You Need to Know	453
28.1.3 Bandwidth Management Examples	457
28.2 TheBandwidth Management Screen	461
28.2.1 The Bandwidth Management Add/Edit Screen	463
ADP	467
29.1 Overview	467
29.1.1 ADP	467
29.1.2 What You Can Do in this Chapter	467
29.1.3 What You Need To Know	467
29.1.4 Before You Begin	468
29.2 The ADP General Screen	469
29.3 The Profile Summary Screen	470
29.3.1 Base Profiles	471
29.3.2 Configuring The ADP Profile Summary Screen	471
29.3.3 Creating New ADP Profiles	472
29.3.4 Traffic Anomaly Profiles	472
29.3.5 Protocol Anomaly Profiles	475
29.3.6 Protocol Anomaly Configuration	475
29.4 ADP Technical Reference	479
Content Filtering	487
30.1 Overview	487
30.1.1 What You Can Do in this Chapter	487
30.1.2 What You Need to Know	487
30.1.3 Before You Begin	489
30.2 Content Filter General Screen	489
30.3 Content Filter Policy Add or Edit Screen	492
30.4 Content Filter Profile Screen	494
30.5 Content Filter Categories Screen	494
30.5.1 Content Filter Blocked and Warning Messages	508
30.6 Content Filter Customization Screen	508
30.7 Content Filter Technical Reference	511
Content Filter Reports	513
31.1 Overview	513
31.2 Viewing Content Filter Reports	513
Anti-Spam	521
32.1 Overview	521
32.1.1 What You Can Do in this Chapter	521
32.1.2 What You Need to Know	521
32.2 Before You Begin	523
32.3 The Anti-Spam General Screen	523
32.3.1 The Anti-Spam Policy Add or Edit Screen	525
32.4 The Anti-Spam Black List Screen	527
32.4.1 The Anti-Spam Black or White List Add/Edit Screen	529
32.4.2 Regular Expressions in Black or White List Entries	530
32.5 The Anti-Spam White List Screen	531
32.6 The DNSBL Screen	532
32.7 Anti-Spam Technical Reference	534
User/Group	539
33.1 Overview	539
33.1.1 What You Can Do in this Chapter	539
33.1.2 What You Need To Know	539
33.2 User Summary Screen	542
33.2.1 User Add/Edit Screen	542
33.3 User Group Summary Screen	545
33.3.1 Group Add/Edit Screen	546
33.4 Setting Screen	547
33.4.1 Default User Authentication Timeout Settings Edit Screens	550
33.4.2 User Aware Login Example	552
33.5 User /Group Technical Reference	553
Addresses	555
34.1 Overview	555
34.1.1 What You Can Do in this Chapter	555
34.1.2 What You Need To Know	555
34.2 Address Summary Screen	555
34.2.1 Address Add/Edit Screen	557
34.3 Address Group Summary Screen	558
34.3.1 Address Group Add/Edit Screen	559
Services	561
35.1 Overview	561
35.1.1 What You Can Do in this Chapter	561
35.1.2 What You Need to Know	561
35.2 The Service Summary Screen	562
35.2.1 The Service Add/Edit Screen	564
35.3 The Service Group Summary Screen	564
35.3.1 The Service Group Add/Edit Screen	566
Schedules	567
36.1 Overview	567
36.1.1 What You Can Do in this Chapter	567
36.1.2 What You Need to Know	567
36.2 The Schedule Summary Screen	568
36.2.1 The One-Time Schedule Add/Edit Screen	569
36.2.2 The Recurring Schedule Add/Edit Screen	570
AAA Server	573
37.1 Overview	573
37.1.1 Directory Service (AD/LDAP)	573
37.1.2 RADIUS Server	574
37.1.3 ASAS	574
37.1.4 What You Can Do in this Chapter	574
37.1.5 What You Need To Know	575
37.2 Active Directory or LDAP Server Summary	577
37.2.1 Adding an Active Directory or LDAP Server	577
37.3 RADIUS Server Summary	579
37.3.1 Adding a RADIUS Server	581
Authentication Method	583
38.1 Overview	583
38.1.1 What You Can Do in this Chapter	583
38.1.2 Before You Begin	583
38.1.3 Example: Selecting a VPN Authentication Method	583
38.2 Authentication Method Objects	584
38.2.1 Creating an Authentication Method Object	585
Certificates	589
39.1 Overview	589
39.1.1 What You Can Do in this Chapter	589
39.1.2 What You Need to Know	589
39.1.3 Verifying a Certificate	591
39.2 The My Certificates Screen	593
39.2.1 The My Certificates Add Screen	594
39.2.2 The My Certificates Edit Screen	599
39.2.3 The My Certificates Import Screen	602
39.3 The Trusted Certificates Screen	603
39.3.1 The Trusted Certificates Edit Screen	604
39.3.2 The Trusted Certificates Import Screen	608
39.4 Certificates Technical Reference	609
ISP Accounts	611
40.1 Overview	611
40.1.1 What You Can Do in this Chapter	611
40.2 ISP Account Summary	611
40.2.1 ISP Account Edit	612
SSL Application	615
41.1 Overview	615
41.1.1 What You Can Do in this Chapter	615
41.1.2 What You Need to Know	615
41.1.3 Example: Specifying a Web Site for Access	616
41.2 The SSL Application Screen	617
41.2.1 Creating/Editing a Web-based SSL Application Object	618
Endpoint Security	621
42.1 Overview	621
42.1.1 What You Can Do in this Chapter	622
42.1.2 What You Need to Know	622
42.2 Endpoint Security Screen	623
42.3 Endpoint Security Add/Edit	624
System	629
43.1 Overview	629
43.1.1 What You Can Do in this Chapter	629
43.2 Host Name	630
43.3 USB Storage	631
43.4 Date and Time	631
43.4.1 Pre-defined NTP Time Servers List	634
43.4.2 Time Server Synchronization	635
43.5 Console Port Speed	636
43.6 DNS Overview	636
43.6.1 DNS Server Address Assignment	637
43.6.2 Configuring the DNS Screen	637
43.6.3 Address Record	640
43.6.4 PTR Record	640
43.6.5 Adding an Address/PTR Record	640
43.6.6 Domain Zone Forwarder	641
43.6.7 Adding a Domain Zone Forwarder	641
43.6.8 MX Record	642
43.6.9 Adding a MX Record	643
43.6.10 Adding a DNS Service Control Rule	643
43.7 WWW Overview	644
43.7.1 Service Access Limitations	644
43.7.2 System Timeout	645
43.7.3 HTTPS	645
43.7.4 Configuring WWW Service Control	646
43.7.5 Service Control Rules	650
43.7.6 Customizing the WWW Login Page	650
43.7.7 HTTPS Example	654
43.8 SSH	661
43.8.1 How SSH Works	662
43.8.2 SSH Implementation on the ZyWALL	663
43.8.3 Requirements for Using SSH	663
43.8.4 Configuring SSH	663
43.8.5 Secure Telnet Using SSH Examples	665
43.9 Telnet	666
43.9.1 Configuring Telnet	667
43.10 FTP	668
43.10.1 Configuring FTP	668
43.11 SNMP	670
43.11.1 Supported MIBs	672
43.11.2 SNMP Traps	672

Match case Limit results 1 per page

Chapter 19 ALG

ZyWALL USG 20/20W User’s Guide

357

19.3

ALG Technical Reference

Here is more detailed information about the Application Layer Gateway.

ALG

Some applications cannot operate through NAT (are NAT un-friendly) because

they embed IP addresses and port numbers in their packets’ data payload. The

ZyWALL examines and uses IP address and port number information embedded in

the VoIP traffic’s data stream. When a device behind the ZyWALL uses an

application for which the ZyWALL has VoIP pass through enabled, the ZyWALL

translates the device’s private IP address inside the data stream to a public IP

address. It also records session port numbers and allows the related sessions to

go through the firewall so the application’s traffic can come in from the WAN to the

LAN.

ALG and Trunks

If you send your ALG-managed traffic through an interface trunk and all of the

interfaces are set to active, you can configure routing policies to specify which

interface the ALG-managed traffic uses.

You could also have a trunk with one interface set to active and a second interface

set to passive. The ZyWALL does not automatically change ALG-managed

connections to the second (passive) interface when the active interface’s

connection goes down. When the active interface’s connection fails, the client

needs to re-initialize the connection through the second interface (that was set to

passive) in order to have the connection go through the second interface. VoIP

clients usually re-register automatically at set intervals or the users can manually

force them to re-register.

FTP

File Transfer Protocol (FTP) is an Internet file transfer service that operates on the

Internet and over TCP/IP networks. A system running the FTP server accepts

Additional FTP

Signaling Port

for

Transformations

If you are also using FTP on an additional TCP port number, enter it

here.

Apply

Click

Apply

to save your changes back to the ZyWALL.

Reset

Click

Reset

to return the screen to its last-saved settings.

Table 98

Configuration > Network > ALG (continued)

LABEL

DESCRIPTION