Protecting Phones Behind D-Link Firewalls - D-Link NetDefend DFL-210 User Manual

6.2.5. H.323
registration by clients with the gatekeeper and less probability of a problem if the network be-
comes unavailable and the client thinks it is still registered.
Presented below are some network scenarios where H.323 ALG use is applicable. For each scenario
a configuration example of both the ALG and the rules are presented. The three service definitions
used in these scenarios are:
• Gatekeeper (UDP ALL > 1719)
• H323 (H.323 ALG, TCP ALL > 1720)
• H323-Gatekeeper (H.323 ALG, UDP > 1719)
Example 6.4. Protecting Phones Behind D-Link Firewalls
In the first scenario a H.323 phone is connected to the D-Link Firewall on a network (lannet) with public IP ad-
dresses. To make it possible to place a call from this phone to another H.323 phone on the Internet, and to allow
H.323 phones on the Internet to call this phone, we need to configure rules. The following rules need to be added
to the rule-set, make sure there are no rules disallowing or allowing the same kind of ports/traffic before these
rules.
Web Interface
Outgoing Rule:
1. Go to Rules > IP Rules > Add > IPRule
2. Now enter:
• Name: H323AllowOut
• Action: Allow
• Service: H323
• Source Interface: lan
• Destination Interface: any
• Source Network: lannet
• Destination Network: 0.0.0.0/0 (all-nets)
• Comment: Allow outgoing calls
113
Chapter 6. Security Mechanisms