Two phones behind different d-link firewalls – D-Link DFL-2500 User Manual
Page 160
•
Destination Interface: core
•
Source Network: 0.0.0.0/0 (all-nets)
•
Destination Network: wan_ip (external IP of the firewall)
•
Comment: Allow incoming calls to H.323 phone at ip-phone
3.
Click OK
To place a call to the phone behind the D-Link Firewall, place a call to the external IP address on
the firewall. If multiple H.323 phones are placed behind the firewall, one SAT rule has to be
configured for each phone. This means that multiple external addresses have to be used. However, it
is preferred to use a H.323 gatekeeper as in the "H.323 with Gatekeeper" scenario, as this only
requires one external address.
Example 6.6. Two Phones Behind Different D-Link Firewalls
This scenario consists of two H.323 phones, each one connected behind the D-Link Firewall on a network with
public IP addresses. In order to place calls on these phones over the Internet, the following rules need to be
added to the rule listings in both firewalls. Make sure there are no rules disallowing or allowing the same kind of
ports/traffic before these rules.
Web Interface
Outgoing Rule:
1.
Go to Rules > IP Rules > Add > IPRule
2.
Now enter:
•
Name: H323AllowOut
•
Action: Allow
•
Service: H323
•
Source Interface: lan
•
Destination Interface: any
•
Source Network: lannet
•
Destination Network: 0.0.0.0/0 (all-nets)
•
Comment: Allow outgoing calls
3.
Click OK
Incoming Rule:
6.2.8. H.323
Chapter 6. Security Mechanisms
160