6.2.9. The H.323 ALG
Incoming Rule:
1. Go to Rules > IP Rules > Add > IPRule
2. Now enter:
• Name: H323AllowIn
• Action: Allow
• Service: H323
• Source Interface: any
• Destination Interface: lan
• Source Network: 0.0.0.0/0 (all-nets)
• Destination Network: lannet
• Comment: Allow incoming calls
3. Click OK
Example 6.7. Using Private IP Addresses
This scenario consists of two H.323 phones, each one connected behind the NetDefend Firewall on a network
with private IP addresses. In order to place calls on these phones over the Internet, the following rules need to be
added to the rule set in the firewall. Make sure there are no rules disallowing or allowing the same kind of
ports/traffic before these rules. As we are using private IPs on the phones, incoming traffic needs to be SATed as
in the example below. The object ip-phone below should be the internal IP of the H.323 phone behind each
firewall.
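The ordering check asked for above can be scripted against an exported rule list. The following is an added example, not part of the original manual and not a NetDefendOS tool: it reports earlier rules that can match the same traffic as this example's H323Out rule. The rules DropVoice and AllowWeb, the lannet range and the simplified H323 port set are constructed assumptions.

```python
import ipaddress

# Constructed sample values: lannet's real range and the full port list of
# the predefined H323 service depend on the installation.
NETS = {"all-nets": ipaddress.ip_network("0.0.0.0/0"),
        "lannet": ipaddress.ip_network("192.168.1.0/24")}
SERVICES = {"H323": {("tcp", 1720)},   # Q.931 call signalling only (simplified)
            "http": {("tcp", 80)}}

def rule(name, action, service, src_if, dst_if, src_net, dst_net):
    return dict(name=name, action=action, service=service, src_if=src_if,
                dst_if=dst_if, src_net=src_net, dst_net=dst_net)

# Constructed rule set, top rule first. DropVoice and AllowWeb are hypothetical;
# H323Out carries the values of this example's outgoing rule.
RULES = [
    rule("DropVoice", "Drop", "H323", "lan", "any", "lannet", "all-nets"),
    rule("AllowWeb", "NAT", "http", "lan", "any", "lannet", "all-nets"),
    rule("H323Out", "NAT", "H323", "lan", "any", "lannet", "all-nets"),
]

def _if_overlap(a, b):
    # "any" matches every interface
    return a == b or "any" in (a, b)

def overlaps(a, b):
    """True if at least one packet could match both rules."""
    return (bool(SERVICES[a["service"]] & SERVICES[b["service"]])
            and _if_overlap(a["src_if"], b["src_if"])
            and _if_overlap(a["dst_if"], b["dst_if"])
            and NETS[a["src_net"]].overlaps(NETS[b["src_net"]])
            and NETS[a["dst_net"]].overlaps(NETS[b["dst_net"]]))

def conflicts_before(rules, name):
    """Names of earlier, non-SAT rules that overlap the named rule."""
    names = [r["name"] for r in rules]
    idx = names.index(name)          # ValueError if the rule is missing
    target = rules[idx]
    # SAT rules are skipped (assumption: they only rewrite addresses and do
    # not by themselves allow or drop the traffic).
    return [r["name"] for r in rules[:idx]
            if r["action"] != "SAT" and overlaps(r, target)]

if __name__ == "__main__":
    print(conflicts_before(RULES, "H323Out"))
```

An empty result means no earlier rule in the list decides H.323 traffic before the rule being checked.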
Web Interface
Outgoing Rule:
1. Go to Rules > IP Rules > Add > IPRule
2. Now enter:
• Name: H323Out
• Action: NAT
• Service: H323
• Source Interface: lan
• Destination Interface: any
• Source Network: lannet
• Destination Network: 0.0.0.0/0 (all-nets)
• Comment: Allow outgoing calls
3. Click OK
Incoming Rules:
1. Go to Rules > IP Rules > Add > IPRule
2. Now enter:
• Name: H323In
• Action: SAT
• Service: H323
Chapter 6. Security Mechanisms