Scenarios: H.323 Alg Configuration - D-Link DFL-1600 User Manual

18.4. H.323
The H.323 ALG supports version 5 of the H.323 specification. This
specification is built upon H.225.0 v5 and H.245 v10. In addition to
support voice and video calls, the H.323 ALG supports application sharing
over the T.120 protocol. T.120 uses TCP to transport data while voice and
video is transported over UDP.
To support gatekeepers, the ALG makes sure to monitor RAS traffic
between H.323 endpoints and the gatekeeper, in order to configure the
firewall to let calls through.
NAT and SAT rules are supported, allowing clients and gatekeepers to use
private IP addresses on a network behind the firewall.
18.4.5
The H.323 ALG can be configured to suit different usage scenarios.
It is possible to configure if TCP data channels should be allowed to
traverse the firewall or not. TCP data channels are used by the T.120
protocol (see 18.4.3), for instance. Also, the maximum number of TCP
data channels can be limited to a fixed value.
The gatekeeper registration lifetime can be controlled by the firewall in
order to force re-registration of clients within a time frame specified by the
administrator.
Presented here are a few network scenarios, visualized in network diagrams.
The scenarios are examples of network setups where the H.323 ALG is
suitable to use. For each scenario a configuration example of both the ALG
and the rules are presented.
The three service definitions used in these scenarios are:
Gatekeeper (UDP ALL
H323 (H.323 ALG, TCP ALL
H323-Gatekeeper (H.323 ALG, UDP
: H.323 ALG Configuration
1719)
1720)
D-Link Firewalls User's Guide
1719)
161