Create a new VoIP Profile object:
1.
Go to: Policies > Firewalling > VoIP > Add > VoIP Profile
2.
Specify a name for the profile, in this case my_h323_profile
3.
Click OK
Create a custom Service object for H.323:
1.
Go to: Objects > Services > Add > TCP/UDP
2.
Now enter:
•
Name: my_h323_policy_service
•
Type: TCP
•
Destination port: 1720
•
Protocol: H.323
3.
Click OK
Create an IP policy for outgoing H.323 traffic:
1.
Go to: Policies > Firewalling > Main IP Rules > Add > IP Policy
2.
Now enter:
•
Name: H323AllowOut
•
Action: Allow
•
Source Interface: lan
•
Source Network: lannet
•
Destination Interface: any
•
Destination Network: all-nets
•
Service: my_h323_policy_service
•
Comment: Allow outgoing H.323 calls.
3.
Select the VoIP tab, enable VoIP and select my_h323_profile
4.
Click OK
Create an IP policy for incoming H.323 traffic:
1.
Go to: Policies > Firewalling > Main IP Rules > Add > IP Policy
2.
Now enter:
•
Name: H323AllowIn
•
Action: Allow
484
Chapter 6: Security Mechanisms