D-Link DFL-260 Product Manual - Page 275
The H.323 ALG, Destination Port, Terminals
UPC - 790069296802
View all D-Link DFL-260 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 275 highlights
6.2.9. The H.323 ALG Chapter 6. Security Mechanisms • Destination Port set to 5060 (the default SIP signalling port) • Type set to TCP/UDP 3. Define four rules in the IP rule set: • An Allow rule for outbound traffic from the clients on the internal network to the proxy located on the DMZ interface. • An Allow rule for outbound traffic from the proxy behind the DMZ interface to the remote clients on the Internet. • An Allow rule for inbound SIP traffic from the SIP proxy behind the DMZ interface to the clients located on the local, protected network. • An Allow rule for inbound SIP traffic from clients and proxies on the Internet to the proxy behind the DMZ interface. 4. If Record-Route is not enabled at the proxy, direct exchange of SIP messages must also be allowed between clients, bypassing the proxy. The following two additional rules are therefore needed when Record-Route is disabled: • An Allow rule for outbound traffic from the clients on the local network to the external clients and proxies on the Internet. • An Allow rule for inbound SIP traffic from the Internet to clients on the local network. The IP rules with Record-Route enabled are: OutboundToProxy OutboundFromProxy InboundFromProxy InboundToProxy Action Allow Allow Allow Allow Src Interface lan dmz dmz wan Src Network lannet ip_proxy ip_proxy all-nets Dest Interface dmz lan core dmz Dest Network ip_proxy lannet dmz_ip ip_proxy With Record-Route disabled, the following IP rules must be added to those above: OutboundBypassProxy InboundBypassProxy Action Allow Allow Src Interface lan wan Src Network lannet all-nets Dest Interface wan lan Dest Network all-nets lannet 6.2.9. The H.323 ALG H.323 is a standard approved by the International Telecommunication Union (ITU) to allow compatibility in video conference transmissions over IP networks. It is used for real-time audio, video and data communication over packet-based networks such as the Internet. It specifies the components, protocols and procedures for providing such multimedia communication, including Internet phone and voice-over-IP (VoIP). H.323 Components H.323 consists of four main components: Terminals Devices used for audio and optionally video or data communication, such as phones, conferencing units, or "software phones" such as the product "NetMeeting". 275