6.2.8. The H.323 ALG
•
Source Interface: lan
•
Destination Interface: dmz
•
Source Network: lannet
•
Destination Network: ip-gateway
•
Comment: Allow H.323 entities on lannet to call phones connected to the H.323 Gateway on the DMZ
3.
Click OK
1.
Go to Rules > IP Rules > Add > IPRule
2.
Now enter:
•
Name: GWToLan
•
Action: Allow
•
Service: H323-Gatekeeper
•
Source Interface: dmz
•
Destination Interface: lan
•
Source Network: ip-gateway
•
Destination Network: lannet
•
Comment: Allow communication from the Gateway to H.323 phones on lannet
3.
Click OK
1.
Go to Rules > IP Rules > Add > IPRule
2.
Now enter:
•
Name: BranchToGW
•
Action: Allow
•
Service: H323-Gatekeeper
•
Source Interface: vpn-branch
•
Destination Interface: dmz
•
Source Network: branch-net
•
Destination Network: ip-gatekeeper, ip-gateway
•
Comment: Allow communication with the Gatekeeper on DMZ from the Branch network
3.
Click OK
1.
Go to Rules > IP Rules > Add > IPRule
2.
Now enter:
•
Name: BranchToGW
•
Action: Allow
•
Service: H323-Gatekeeper
•
Source Interface: vpn-remote
•
Destination Interface: dmz
•
Source Network: remote-net
•
Destination Network: ip-gatekeeper
•
Comment: Allow communication with the Gatekeeper on DMZ from the Remote network
246
Chapter 6. Security Mechanisms