6.2.5. H.323
Web Interface
1.
Go to Rules > IP Rules > Add > IPRule
2.
Now enter:
•
Name: H323Out
•
Action: NAT
•
Service: H323-Gatekeeper
•
Source Interface: lan
•
Destination Interface: any
•
Source Network: lannet
•
Destination Network: 0.0.0.0/0 (all-nets)
•
Comment: Allow outgoing communication with a gatekeeper
3.
Click OK
Example 6.10. Using the H.323 ALG in a Corporate Environment
This scenario is an example of a more complex network that shows how the H.323 ALG can be deployed in a cor-
porate environment. At the head office DMZ a H.323 Gatekeeper is placed that can handle all H.323 clients in the
head-, branch- and remote offices. This will allow the whole corporation to use the network for both voice commu-
nication and application sharing. It is assumed that the VPN tunnels are correctly configured and that all offices
use private IP-ranges on their local networks. All outside calls are done over the existing telephone network using
the gateway (ip-gateway) connected to the ordinary telephone network.
Note
There is no need to specify a specific rule for outgoing calls. NetDefendOS monitors
the communication between "external" phones and the Gatekeeper to make sure that it
is possible for internal phones to call the external phones that are registered with the
gatekeeper.
120
Chapter 6. Security Mechanisms