ZyXEL Communications ZyWALL USG Series Application Notes page 179

USG's 10.0.0.8 WAN IP address to LAN IP address 192.168.1.56.
Click Configuration > Network > NAT > Add > Create New Object > Address and create an
1
IPv4 host address object for the public WAN IP address (called WAN_IP-for-H323 here). Repeat to
create an address object for the H.323 device's private LAN IP address (called LAN_H323 here).
Configure a name for the rule (WAN-LAN_H323 here).
You want the LAN H.323 device to receive peer-to-peer calls from the WAN and also be able to
initiate calls to the WAN so you set the Classification to NAT 1:1.
Set the Incoming Interface to the WAN interface.
Set the Original IP to the WAN address object (WAN_IP-for-H323).
Set the Mapped IP to the H.323 device's LAN IP address object (LAN_H323).
Set the Port Mapping Type to Port, the Protocol Type to TCP and the original and mapped ports to
1720.
Click OK.
4.7.1.3 Set Up a Firewall Rule For H.323
Configure a firewall rule to allow H.323 (TCP port 1720) traffic received on the WAN_IP-for-H323 IP
address to go to LAN IP address 192.168.1.56.
Click Configuration > Firewall > Add.
1
In the From field select WAN.
In the To field select LAN1.
Configure a name for the rule (WAN-to-LAN_H323 here).
Set the Destination to the H.323 device's LAN1 IP address object (LAN_H323). LAN_H323 is
the destination because the USG applies NAT to traffic before applying the firewall rule.
Set the Service to H.323.
Click OK.
178