D-Link DFL-1660 User Manual page 310

Network security firewall

6.2.9. The H.323 ALG
The H.323 ALG has the following features:

• The H.323 ALG supports version 5 of the H.323 specification. This specification is built upon
  H.225.0 v5 and H.245 v10.
• In addition to supporting voice and video calls, the H.323 ALG supports application sharing over
  the T.120 protocol. T.120 uses TCP to transport data, while voice and video are transported over
  UDP.
• To support gatekeepers, the ALG monitors RAS traffic between H.323 endpoints and the
  gatekeeper in order to correctly configure the NetDefend Firewall to let calls through.
• NAT and SAT rules are supported, allowing clients and gatekeepers to use private IPv4 addresses
  on a network behind the NetDefend Firewall.

H.323 ALG Configuration
The configuration of the standard H.323 ALG can be changed to suit different usage scenarios. The
configurable options are:

• Allow TCP Data Channels
  This option allows TCP-based data channels to be negotiated. Data channels are used, for
  example, by the T.120 protocol.
• Number of TCP Data Channels
  The number of TCP data channels allowed can be specified.
• Address Translation
  For NATed traffic, the Network can be specified; this is the network that is allowed to be
  translated. The External IP for the Network is also specified; this is the IPv4 address to NAT
  with. If the External IP is set to Auto, the external IP is found automatically through route
  lookup.
• Translate Logical Channel Addresses
  This would normally always be set. If it is not enabled, no address translation is done on
  logical channel addresses and the administrator needs to be sure about the IP addresses and
  routes used in a particular scenario.
• Gatekeeper Registration Lifetime
  The gatekeeper registration lifetime can be controlled in order to force re-registration by clients
  within a certain time. A shorter time forces more frequent registration by clients with the
  gatekeeper and lowers the probability of a problem if the network becomes unavailable and the
  client thinks it is still registered.

Presented below are some network scenarios where H.323 ALG use is applicable. For each scenario,
a configuration example of both the ALG and the rules is presented. The three service definitions
used in these scenarios are:

• Gatekeeper (UDP ALL > 1719)
• H323 (H.323 ALG, TCP ALL > 1720)
• H323-Gatekeeper (H.323 ALG, UDP > 1719)
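
The service list above has two definitions on UDP 1719, only one of which attaches the H.323 ALG. The following added example (not from the D-Link manual) parses the three definitions as printed and reports which H.323 signalling flows would reach a rule with no ALG. The rule names, the top-down first-match evaluation and reading a missing source port as ALL are assumptions.

```python
import re

# The three service definitions exactly as printed on the page.
PAGE_SERVICES = """\
Gatekeeper (UDP ALL > 1719)
H323 (H.323 ALG, TCP ALL > 1720)
H323-Gatekeeper (H.323 ALG, UDP > 1719)
"""

LINE_RE = re.compile(
    r"^(?P<name>\S+) \((?:(?P<alg>[^,]+ ALG), )?"
    r"(?P<proto>TCP|UDP)(?: (?P<src>\S+))? > (?P<dst>\d+)\)$")

def parse_services(text):
    """Parse 'Name ([ALG, ]PROTO [SRC] > DST)' lines into dicts."""
    services = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unrecognised service line: {line!r}")
        services[m["name"]] = {
            "alg": m["alg"],            # None when no ALG is attached
            "proto": m["proto"],
            "src": m["src"] or "ALL",   # missing source read as ALL (assumption)
            "dst": int(m["dst"]),
        }
    return services

def first_match(rules, services, proto, dst_port):
    """Return (rule_name, alg) for the first rule whose service matches."""
    for rule_name, service_name in rules:
        s = services[service_name]
        if s["proto"] == proto and s["dst"] == dst_port:
            return rule_name, s["alg"]
    return None, None

def uninspected_h323(rules, services):
    """List H.323 signalling flows whose first matching rule has no ALG."""
    findings = []
    for proto, port in (("TCP", 1720), ("UDP", 1719)):
        rule, alg = first_match(rules, services, proto, port)
        if rule is not None and alg is None:
            findings.append((proto, port, rule))
    return findings

SERVICES = parse_services(PAGE_SERVICES)
# Constructed rule sets: (rule name, service name), evaluated top-down (assumption).
SHADOWED = [("allow_gk_plain", "Gatekeeper"), ("allow_ras", "H323-Gatekeeper"), ("allow_calls", "H323")]
ORDERED = [("allow_ras", "H323-Gatekeeper"), ("allow_calls", "H323"), ("allow_gk_plain", "Gatekeeper")]
```

With the `SHADOWED` ordering, RAS traffic on UDP 1719 is accepted by the plain Gatekeeper rule before the ALG-bound rule is reached, so the ALG never sees the registrations it needs to monitor.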
Chapter 6. Security Mechanisms

This manual is also suitable for:

DFL-2560, DFL-2560G, DFL-260E, DFL-860E