D-Link NetDefend DFL-210 User Manual page 125

Network security firewall ver. 1.05

6.2.5. H.323
H.245 Media Control and Transport - Provides control of multimedia sessions established between two H.323 endpoints. Its most important task is to negotiate opening and closing of logical channels. A logical channel is, for instance, an audio channel used for voice communication. Video and T.120 channels are also called logical channels during negotiation.

T.120 - A suite of communication and application protocols. Depending on the type of H.323 product, the T.120 protocol can be used for application sharing, file transfer as well as for conferencing features such as whiteboards.

H.323 ALG features

The H.323 ALG is a flexible application layer gateway that allows H.323 devices such as H.323 phones and applications to make and receive calls between each other when connected via private networks secured by D-Link Firewalls.

The H.323 specification was not designed to handle NAT, as IP addresses and ports are sent in the payload of H.323 messages. The H.323 ALG modifies and translates H.323 messages to make sure that H.323 messages will be routed to the correct destination and allowed through the D-Link Firewall.

The H.323 ALG has the following features:

• The H.323 ALG supports version 5 of the H.323 specification. This specification is built upon H.225.0 v5 and H.245 v10.

• In addition to supporting voice and video calls, the H.323 ALG supports application sharing over the T.120 protocol. T.120 uses TCP to transport data while voice and video are transported over UDP.

• To support gatekeepers, the ALG monitors RAS traffic between H.323 endpoints and the gatekeeper, in order to correctly configure the D-Link Firewall to let calls through.

• NAT and SAT rules are supported, allowing clients and gatekeepers to use private IP addresses on a network behind the D-Link Firewall.

H.323 ALG Configuration

The configuration of the standard H.323 ALG can be changed to suit different usage scenarios. The configurable options are:

• Allow TCP Data Channels - This option allows TCP based data channels to be negotiated. Data channels are used, for instance, by the T.120 protocol.

• Number of TCP Data Channels - The number of TCP data channels allowed can be specified.

• Address Translation - For NATed traffic, the Network can be specified; this is what is allowed to be translated. The External IP for the Network is also specified; this is the IP address to NAT with. If the External IP is set to Auto, the external IP is found automatically through route lookup.

• Translate Logical Channel Addresses - This would normally always be set. If not enabled, no address translation will be done on logical channel addresses and the administrator needs to be sure about the IP addresses and routes used in a particular scenario.

• Gatekeeper Registration Lifetime - The gatekeeper registration lifetime can be controlled in order to force re-registration by clients within a certain time. A shorter time forces more frequent
Chapter 6. Security Mechanisms
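
How the Address Translation, Translate Logical Channel Addresses and TCP data channel options described above interact can be seen in a toy model, added here as an illustration; it is not D-Link's implementation and not a real H.245 codec (H.245 is ASN.1 PER encoded). The class, field names, dict message shape and sample addresses and ports are assumptions, and ports are left untranslated for simplicity.

```python
# Added illustration: a toy model, not D-Link firmware and not a real H.245 codec.
# A logical channel request is a plain dict (constructed sample data).
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass
class H323AlgModel:
    network: str            # Address Translation: Network allowed to be translated
    external_ip: str        # Address Translation: External IP to NAT with
    allow_tcp_data: bool    # Allow TCP Data Channels
    max_tcp_data: int       # Number of TCP Data Channels
    translate_lc: bool = True   # Translate Logical Channel Addresses
    tcp_open: int = 0
    pinholes: list = field(default_factory=list)

    def open_logical_channel(self, req):
        """Return the request as forwarded outward, or None if it is refused."""
        if req["transport"] == "tcp":
            # TCP data channels (e.g. T.120) are optional and capped.
            if not self.allow_tcp_data or self.tcp_open >= self.max_tcp_data:
                return None
            self.tcp_open += 1
        fwd = dict(req)
        if self.translate_lc and ip_address(req["ip"]) in ip_network(self.network):
            # The address lives in the payload, so header-only NAT would leave
            # the private IP visible to the remote endpoint.
            fwd["ip"] = self.external_ip
        # Temporary opening: (transport, advertised IP, port, internal IP).
        self.pinholes.append((req["transport"], fwd["ip"], req["port"], req["ip"]))
        return fwd


def demo():
    # Constructed values: RFC 1918 address inside, RFC 5737 address outside.
    alg = H323AlgModel("192.168.1.0/24", "203.0.113.10",
                       allow_tcp_data=True, max_tcp_data=1)
    audio = alg.open_logical_channel(
        {"kind": "audio", "transport": "udp", "ip": "192.168.1.20", "port": 5004})
    t120 = alg.open_logical_channel(
        {"kind": "t120", "transport": "tcp", "ip": "192.168.1.20", "port": 1503})
    extra = alg.open_logical_channel(
        {"kind": "t120", "transport": "tcp", "ip": "192.168.1.20", "port": 1504})
    return audio, t120, extra, alg.pinholes


if __name__ == "__main__":
    for item in demo():
        print(item)
```

With the TCP data channel limit set to 1, the second T.120 request is refused and only two openings exist, which is the property to check when reviewing such a policy: the set of dynamically opened ports stays bounded by the negotiated channels.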