D-Link NetDefend DFL-210 User Manual page 130

6.2.5. H.323
This scenario consists of two H.323 phones, each one connected behind the D-Link Firewall on a network with
private IP addresses. In order to place calls on these phones over the Internet, the following rules need to be ad-
ded to the rule-set in the firewall, make sure there are no rules disallowing or allowing the same kind of ports/
traffic before these rules. As we are using private IPs on the phones, incoming traffic need to be SATed as in the
example below. The object ip-phone below should be the internal IP of the H.323 phone behind each firewall.
Web Interface
Outgoing Rule:
1. Go to Rules > IP Rules > Add > IPRule
2. Now enter:
• Name: H323Out
• Action: NAT
• Service: H323
• Source Interface: lan
• Destination Interface: any
• Source Network: lannet
• Destination Network: 0.0.0.0/0 (all-nets)
• Comment: Allow outgoing calls
3. Click OK.
Incoming Rules:
1. Go to Rules > IP Rules > Add > IPRule
2. Now enter:
• Name: H323In
• Action: SAT
• Service: H323
• Source Interface: any
• Destination Interface: core
• Source Network: 0.0.0.0/0 (all-nets)
• Destination Network: wan_ip (external IP of the firewall)
• Comment: Allow incoming calls to H.323 phone at ip-phone
3. For SAT enter Translate Destination IP Address: To New IP Address: ip-phone (IP address of phone)
4. Click OK
1. Go to Rules > IP Rules > Add > IPRule
2. Now enter:
• Name: H323In
• Action: Allow
• Service: H323
• Source Interface: any
• Destination Interface: core
• Source Network: 0.0.0.0/0 (all-nets)
• Destination Network: wan_ip (external IP of the firewall)
117
Chapter 6. Security Mechanisms