6.2.9. The H.323 ALG
a configuration example of both the ALG and the rules are presented. The three service definitions
used in these scenarios are:
• Gatekeeper (UDP ALL > 1719)
• H323 (H.323 ALG, TCP ALL > 1720)
• H323-Gatekeeper (H.323 ALG, UDP > 1719)
Example 6.4. Protecting Phones Behind NetDefend Firewalls
In the first scenario an H.323 phone is connected to the NetDefend Firewall on a network (lannet) with public IP
addresses. To make it possible to place a call from this phone to another H.323 phone on the Internet, and to
allow H.323 phones on the Internet to call this phone, we need to configure rules. The following rules need to be
added to the rule set. Make sure there are no rules disallowing or allowing the same kind of ports/traffic before
these rules.
Web Interface
Outgoing Rule:
1. Go to Rules > IP Rules > Add > IPRule
2. Now enter:
   • Name: H323AllowOut
   • Action: Allow
   • Service: H323
   • Source Interface: lan
   • Destination Interface: any
   • Source Network: lannet
   • Destination Network: 0.0.0.0/0 (all-nets)
   • Comment: Allow outgoing calls
3. Click OK
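The ordering requirement stated before these steps can be checked offline against an exported rule list. The following is an added example, not part of the NetDefendOS documentation: a simplified model of top-down rule matching that lists earlier rules able to match the H323AllowOut traffic before it does. The Rule fields, the 203.0.113.0/24 value standing in for lannet and the sample rule names other than H323AllowOut are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    action: str
    proto: str      # "tcp" or "udp"
    ports: range    # destination ports covered by the rule's service
    src_if: str
    src_net: str
    dst_if: str
    dst_net: str
    alg: str = ""   # ALG attached to the rule's service, if any

def _if_overlap(a, b):
    return a == b or "any" in (a, b)

def _net_overlap(a, b):
    return ipaddress.ip_network(a).overlaps(ipaddress.ip_network(b))

def overlaps(a, b):
    """True if some packet could match both rules."""
    return (a.proto == b.proto
            and max(a.ports.start, b.ports.start) < min(a.ports.stop, b.ports.stop)
            and _if_overlap(a.src_if, b.src_if)
            and _if_overlap(a.dst_if, b.dst_if)
            and _net_overlap(a.src_net, b.src_net)
            and _net_overlap(a.dst_net, b.dst_net))

def shadowing(rules, target_name):
    """Names of rules placed before target_name that can match its traffic first."""
    idx = next(i for i, r in enumerate(rules) if r.name == target_name)
    return [r.name for r in rules[:idx] if overlaps(r, rules[idx])]

LANNET = "203.0.113.0/24"   # constructed value standing in for the page's lannet
ALL = "0.0.0.0/0"           # all-nets
H323_OUT = Rule("H323AllowOut", "Allow", "tcp", range(1720, 1721),
                "lan", LANNET, "any", ALL, alg="H.323")
# Constructed rule set: a generic allow rule (no ALG) sits above the H.323 rule.
bad_order = [
    Rule("AllowAllTCP", "Allow", "tcp", range(0, 65536), "lan", LANNET, "any", ALL),
    Rule("DropTelnet", "Drop", "tcp", range(23, 24), "lan", LANNET, "any", ALL),
    H323_OUT,
]
good_order = [bad_order[1], H323_OUT, bad_order[0]]

if __name__ == "__main__":
    print("bad order :", shadowing(bad_order, "H323AllowOut"))
    print("good order:", shadowing(good_order, "H323AllowOut"))
```

Any name reported for a rule set means TCP 1720 traffic from lannet would be handled by that earlier rule, without the H.323 ALG, instead of by H323AllowOut.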
Incoming Rule:
Chapter 6. Security Mechanisms