beautypg.com

Two phones behind different d-link firewalls – D-Link DFL-2500 User Manual

Page 160

background image

Destination Interface: core

Source Network: 0.0.0.0/0 (all-nets)

Destination Network: wan_ip (external IP of the firewall)

Comment: Allow incoming calls to H.323 phone at ip-phone

3.

Click OK

To place a call to the phone behind the D-Link Firewall, place a call to the external IP address on
the firewall. If multiple H.323 phones are placed behind the firewall, one SAT rule has to be
configured for each phone. This means that multiple external addresses have to be used. However, it
is preferred to use a H.323 gatekeeper as in the "H.323 with Gatekeeper" scenario, as this only
requires one external address.

Example 6.6. Two Phones Behind Different D-Link Firewalls

This scenario consists of two H.323 phones, each one connected behind the D-Link Firewall on a network with
public IP addresses. In order to place calls on these phones over the Internet, the following rules need to be
added to the rule listings in both firewalls. Make sure there are no rules disallowing or allowing the same kind of
ports/traffic before these rules.

Web Interface
Outgoing Rule:

1.

Go to Rules > IP Rules > Add > IPRule

2.

Now enter:

Name: H323AllowOut

Action: Allow

Service: H323

Source Interface: lan

Destination Interface: any

Source Network: lannet

Destination Network: 0.0.0.0/0 (all-nets)

Comment: Allow outgoing calls

3.

Click OK

Incoming Rule:

6.2.8. H.323

Chapter 6. Security Mechanisms

160