H.323 with gatekeeper – Amer Networks E5Web GUI User Manual

1.

Go to: Policies > Add > IPRule

2.

Now enter:

•

Name: H323In

•

Action: SAT

•

Service: H323

•

Source Interface: any

•

Destination Interface: core

•

Source Network: 0.0.0.0/0 (all-nets)

•

Destination Network: wan_ip (external IP of the security gateway)

•

Comment: Allow incoming calls to H.323 phone at ip-phone

3.

For SAT enter Translate Destination IP Address: To New IP Address: ip-phone (IP address
of phone)

4.

Click OK

1.

Go to: Policies > Add > IPRule

2.

Now enter:

•

Name: H323In

•

Action: Allow

•

Service: H323

•

Source Interface: any

•

Destination Interface: core

•

Source Network: 0.0.0.0/0 (all-nets)

•

Destination Network: wan_ip (external IP of the security gateway)

•

Comment: Allow incoming calls to H.323 phone at ip-phone

3.

Click OK

To place a call to the phone behind the Clavister Security Gateway, place a call to the external IP
address on the security gateway. If multiple H.323 phones are placed behind the security
gateway, one SAT rule has to be configured for each phone. This means that multiple external
addresses have to be used. However, it is preferable to use an H.323 gatekeeper as this only
requires one external address.

Example 6.9. H.323 with Gatekeeper

In this scenario, a H.323 gatekeeper is placed in the DMZ of the Clavister Security Gateway. A rule
is configured in the security gateway to allow traffic between the private network where the

Chapter 6: Security Mechanisms

431