Amer Networks E5Web GUI User Manual
Page 425

• Number of TCP Data Channels
The number of TCP data channels allowed can be specified.
• Address Translation
For NATed traffic, the Network can be specified. This defines what is allowed to be translated.
The External IP for the Network is also specified. This is the IPv4 address to NAT with. If the
External IP is set to Auto, the external IP is found automatically through route lookup.
• Translate Logical Channel Addresses
This would normally always be enabled. If it is not enabled, no address translation will be done on
logical channel addresses and the administrator needs to be sure about the IP addresses and
routes used in a particular scenario.
• Gatekeeper Registration Lifetime
The gatekeeper registration lifetime can be controlled in order to force re-registration by
clients within a certain time. A shorter time forces clients to register with the gatekeeper
more frequently, which reduces the probability of a problem if the network becomes
unavailable and the client thinks it is still registered.

Presented below are some network scenarios where H.323 ALG use is applicable. For each
scenario, a configuration example of both the ALG and the rules is presented. The three service
definitions used in these scenarios are:
• Gatekeeper (UDP ALL > 1719)
• H323 (H.323 ALG, TCP ALL > 1720)
• H323-Gatekeeper (H.323 ALG, UDP > 1719)

Example 6.5. Protecting Phones Behind Clavister Security Gateways
In the first scenario, an H.323 phone is connected to the Clavister Security Gateway on a network
(lan_net) with public IP addresses. To make it possible to place a call from this phone to another
H.323 phone on the Internet, and to allow H.323 phones on the Internet to call this phone, we
need to configure rules. The following rules need to be added to the rule set. Make sure there are
no rules disallowing or allowing the same kind of ports/traffic before these rules.
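
The ordering requirement above can be checked mechanically. The following is an added example, not taken from the manual or the product: it assumes rules are evaluated top-down with the first match winning, and it uses a simplified, hypothetical `Rule` model (all rule names and the sample rule set are constructed) that compares only protocol and destination port, so it over-reports when earlier rules are limited by interface or network.

```python
from dataclasses import dataclass

# The three service definitions named on this page: (protocol, destination port).
H323_SERVICES = {
    "Gatekeeper": ("udp", 1719),
    "H323": ("tcp", 1720),
    "H323-Gatekeeper": ("udp", 1719),
}

@dataclass
class Rule:
    # Simplified, hypothetical rule model; not the product's configuration syntax.
    name: str
    action: str        # e.g. "Allow" or "Drop"
    protocol: str      # "tcp", "udp" or "any"
    dst_ports: tuple   # inclusive (low, high) destination port range
    service: str = ""  # set when the rule uses one of the services above

def covers(rule, protocol, port):
    """True if the rule's protocol and destination port range include the service."""
    low, high = rule.dst_ports
    return rule.protocol in ("any", protocol) and low <= port <= high

def find_shadowing(rules):
    """Return (earlier, later) name pairs where an earlier rule catches H.323 traffic first."""
    findings = []
    for idx, rule in enumerate(rules):
        if rule.service not in H323_SERVICES:
            continue
        protocol, port = H323_SERVICES[rule.service]
        for earlier in rules[:idx]:
            # A rule using a different service (or none) bypasses this rule's handling.
            if earlier.service != rule.service and covers(earlier, protocol, port):
                findings.append((earlier.name, rule.name))
    return findings

# Constructed sample rule set, listed in evaluation order.
SAMPLE_RULES = [
    Rule("drop_high_udp", "Drop", "udp", (1024, 65535)),
    Rule("allow_web", "Allow", "tcp", (80, 443)),
    Rule("h323_out", "Allow", "tcp", (1720, 1720), service="H323"),
    Rule("gk_out", "Allow", "udp", (1719, 1719), service="H323-Gatekeeper"),
]

if __name__ == "__main__":
    for earlier, later in find_shadowing(SAMPLE_RULES):
        print(f"'{earlier}' is evaluated before '{later}' and matches the same traffic")
```

A rule that uses the plain Gatekeeper service ahead of an H323-Gatekeeper rule is also reported, since both definitions cover UDP 1719 but only the latter applies the H.323 ALG.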
Chapter 6: Security Mechanisms