D-Link NetDefendOS User Manual page 480

Network security firewall

T.120
H.323 ALG features
The H.323 ALG is a flexible application layer gateway that allows H.323 devices such as H.323
phones and applications to make and receive calls between each other when connected via
private networks secured by NetDefend Firewalls.
The H.323 specification was not designed to handle NAT, as IP addresses and ports are sent in the
payload of H.323 messages. The H.323 ALG modifies and translates H.323 messages to make sure
that H.323 messages will be routed to the correct destination and allowed through the
NetDefend Firewall.
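
The translation described above, as an added example (not from the D-Link manual and not NetDefendOS code): a simplified Python model of an ALG rewriting a private transport address carried inside a signalling payload and opening a matching pinhole for the media stream. The addresses, port range, class and function names, and the fixed field offset are assumptions; real H.323 messages are ASN.1 PER encoded and must be decoded to locate the field.

```python
import ipaddress
import struct

PUBLIC_IP = ipaddress.IPv4Address("203.0.113.10")      # constructed: firewall's public address
PRIVATE_NET = ipaddress.IPv4Network("192.168.1.0/24")  # constructed: network behind the firewall


def pack_addr(ip, port):
    """Encode an IPv4 transport address as 4 address octets + 2 port octets."""
    return ipaddress.IPv4Address(ip).packed + struct.pack("!H", port)


def unpack_addr(blob):
    """Decode the 6 octets produced by pack_addr into (address, port)."""
    return ipaddress.IPv4Address(blob[:4]), struct.unpack("!H", blob[4:6])[0]


class H323AlgModel:
    """Hypothetical toy ALG: translates one embedded address, opens one pinhole."""

    def __init__(self, first_port=40000):
        self.next_port = first_port
        self.pinholes = {}  # public UDP port -> (private ip, private port)

    def translate(self, payload, offset):
        """Rewrite the 6-byte address at `offset` if it lies in PRIVATE_NET.

        `offset` stands in for the ASN.1 PER decoding a real ALG performs.
        """
        ip, port = unpack_addr(payload[offset:offset + 6])
        if ip not in PRIVATE_NET:
            return payload  # nothing to translate, message left untouched
        public_port = self.next_port
        self.next_port += 1
        self.pinholes[public_port] = (ip, port)  # only the negotiated channel is allowed in
        return payload[:offset] + pack_addr(PUBLIC_IP, public_port) + payload[offset + 6:]

    def inbound(self, public_port):
        """Forwarding target for inbound UDP to `public_port`, or None (dropped)."""
        return self.pinholes.get(public_port)


# Constructed payload: 4 opaque header bytes, media address, 2 opaque trailer bytes.
HEADER, TRAILER = b"\x03\x00\x00\x0c", b"\x00\x01"
SAMPLE = HEADER + pack_addr("192.168.1.20", 5004) + TRAILER

if __name__ == "__main__":
    alg = H323AlgModel()
    out = alg.translate(SAMPLE, len(HEADER))
    print("before:", unpack_addr(SAMPLE[4:10]), "after:", unpack_addr(out[4:10]))
    print("pinholes:", alg.pinholes)
```

Without the payload rewrite, the remote endpoint would be told to send media to 192.168.1.20, which is unroutable from outside; header-only NAT never touches that field.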
H.323 handling by NetDefendOS has the following characteristics:
• NetDefendOS supports version 5 of the H.323 specification. This specification is
built upon H.225.0 v5 and H.245 v10.
• In addition to supporting voice and video calls, NetDefendOS supports application sharing over
the T.120 protocol. T.120 uses TCP to transport data, while voice and video are transported over
UDP.
• To support gatekeepers, NetDefendOS monitors RAS traffic between H.323 endpoints and
the gatekeeper, in order to correctly configure the NetDefend Firewall to let calls through.
• NAT and SAT rules/policies are supported, allowing clients and gatekeepers to use private
IPv4 addresses on a network behind the NetDefend Firewall.
NetDefendOS H.323 Configuration
In NetDefendOS, the configuration of H.323 can be done in one of two ways:
• Using an H.323 ALG object with an IP Rule object
An H.323 ALG object is associated with a Service object configured for the H.323 protocol. The
Service object is then used with the IP Rule objects that control H.323 traffic flow.
In NetDefendOS version 11.03 and later, a predefined H.323 ALG is not present in the default
configuration and therefore a new H.323 ALG object must always be created when using an IP
Rule object with H.323. In older NetDefendOS versions that are upgraded to 11.03 or later, the
predefined H.323 ALG object will be retained.
• Using a VoIP Profile object with an IP Policy object
H.323 can alternatively be configured using IP Policy objects. This is done by creating a VoIP
Profile object and specifying the H.323 options on that instead of an H.323 ALG. The VoIP
Profile object is then associated with the IP Policy object that controls traffic.
A Service object configured for H.323 traffic must also be used with the IP Policy object. This
Service object must have its Protocol property set to H.323.
negotiate opening and closing of logical channels. A logical
channel could be, for example, an audio channel used for
voice communication. Video and T.120 channels are also
called logical channels during negotiation.
T.120: A suite of communication and application protocols.
Depending on the type of H.323 product, the T.120 protocol
can be used for application sharing, file transfer, and
conferencing features such as whiteboards.
Chapter 6: Security Mechanisms
