Amer Networks E5Web GUI User Manual

2.

Now enter:

•

Name: H323In

•

Action: Allow

•

Service: H323-Gatekeeper

•

Source Interface: any

•

Destination Interface: core

•

Source Network: 0.0.0.0/0 (all-nets)

•

Destination Network: wan_ip (external IP of the security gateway)

•

Comment: Allow incoming communication with the Gatekeeper

3.

Click OK

1.

Go to: Policies > Add > IPRule

2.

Now enter:

•

Name: H323In

•

Action: Allow

•

Service: H323-Gatekeeper

•

Source Interface: lan

•

Destination Interface: dmz

•

Source Network: lan_net

•

Destination Network: ip-gatekeeper (IP address of the gatekeeper)

•

Comment: Allow incoming communication with the Gatekeeper

3.

Click OK

Note: Outgoing calls do not need a specific rule

There is no need to specify a specific rule for outgoing calls. cOS Core monitors the
communication between "external" phones and the Gatekeeper to make sure that it is
possible for internal phones to call the external phones that are registered with the
gatekeeper.

Example 6.10. H.323 with Gatekeeper and two Clavister Security Gateways

This scenario is quite similar to scenario 3, with the difference that the Clavister Security Gateway
is protecting the "external" phones. The Clavister Security Gateway with the Gatekeeper
connected to the DMZ should be configured exactly as in scenario 3. The other Clavister Security
Gateway should be configured as below. The rules need to be added to the rule listings, and it

Chapter 6: Security Mechanisms

433