• Source Interface: lan
• Source Network: lannet
• Destination Interface: any
• Destination Network: all-nets
• Service: my_h323_gatekeeper_service
• Comment: Allow outgoing communication from the gatekeeper.
3. Click OK
Note: Outgoing calls do not need a specific rule/policy
There is no need to specify a specific rule/policy for outgoing calls. NetDefendOS
monitors the communication between "external" phones and the Gatekeeper to make
sure that it is possible for internal phones to call the external phones that are registered
with the gatekeeper.
Example 6.16. Using H.323 in an Enterprise Environment
This is an example of a more complex situation that shows how the H.323 ALG can be deployed
in a enterprise environment. At the head office DMZ is a H.323 gatekeeper that can handle all
H.323 clients in the head, branch and remote offices. This will allow the whole enterprise to use
the network for both voice communication and application sharing.
It is assumed that the VPN tunnels are correctly configured and that all offices use private IP
ranges on their local networks. All outside calls are made over the existing telephone network
using the gateway (ip-gateway) which is connected to the ordinary telephone network.
Chapter 6: Security Mechanisms
495
To Next Page
Loading...
