D-Link NetDefend DFL-210 User Manual page 246

6.2.9. The H.323 ALG
In this scenario, a H.323 gatekeeper is placed in the DMZ of the NetDefend Firewall. A rule is configured in the
firewall to allow traffic between the private network where the H.323 phones are connected on the internal
network and to the Gatekeeper on the DMZ. The Gatekeeper on the DMZ is configured with a private address.
The following rules need to be added to the rule listings in both firewalls, make sure there are no rules disallowing
or allowing the same kind of ports/traffic before these rules.
Web Interface
Incoming Gatekeeper Rules:
1. Go to Rules > IP Rules > Add > IPRule
2. Now enter:
• Name: H323In
• Action: SAT
• Service: H323-Gatekeeper
• Source Interface: any
• Destination Interface: core
• Source Network: 0.0.0.0/0 (all-nets)
• Destination Network: wan_ip (external IP of the firewall)
• Comment: SAT rule for incoming communication with the Gatekeeper located at ip-gatekeeper
3. For SAT enter Translate Destination IP Address: To New IP Address: ip-gatekeeper (IP address of
gatekeeper).
4. Click OK
1. Go to Rules > IP Rules > Add > IPRule
2. Now enter:
• Name: H323In
• Action: Allow
• Service: H323-Gatekeeper
• Source Interface: any
• Destination Interface: core
• Source Network: 0.0.0.0/0 (all-nets)
• Destination Network: wan_ip (external IP of the firewall)
246
Chapter 6. Security Mechanisms