H.323 With Private Ip Addresses - D-Link NetDefend DFL-210 User Manual

Network security firewall
Hide thumbs Also See for NetDefend DFL-210:
Table of Contents

Advertisement

6.2.8. H.323
Example 6.5. H.323 with private IP addresses
In this scenario a H.323 phone is connected to the D-Link Firewall on a network with private IP addresses. To
make it possible to place a call from this phone to another H.323 phone on the Internet, and to allow H.323
phones on the Internet to call this phone, we need to configure rules. The following rules need to be added to the
rule set, make sure there are no rules disallowing or allowing the same kind of ports/traffic before these rules. As
we are using private IPs on the phone incoming traffic need to be SATed as in the example below. The object
ip-phone below should be the internal IP of the H.323 phone.
Web Interface
Outgoing Rule:
1.
Go to Rules > IP Rules > Add > IPRule
2.
Now enter:
Name: H323Out
Action: NAT
Service: H323
Source Interface: lan
Destination Interface: any
Source Network: lannet
Destination Network: 0.0.0.0/0 (all-nets)
Comment: Allow outgoing calls
3.
Click OK
Incoming Rules:
1.
Go to Rules > IP Rules > Add > IPRule
2.
Now enter:
Name: H323In
Action: SAT
Service: H323
Source Interface: any
Destination Interface: core
Source Network: 0.0.0.0/0 (all-nets)
Destination Network: wan_ip (external IP of the firewall)
Comment: Allow incoming calls to H.323 phone at ip-phone
3.
For SAT enter Translate Destination IP Address: To New IP Address: ip-phone (IP address of phone).
4.
Click OK
1.
Go to Rules > IP Rules > Add > IPRule
2.
Now enter:
Name: H323In
Action: Allow
Service: H323
Source Interface: any
159
Chapter 6. Security Mechanisms

Advertisement

Table of Contents
loading

Table of Contents