• The USG checks the firewall rules in order and applies the first firewall rule the traffic matches. If
traffic matches a rule that comes earlier in the list, it may be unexpectedly blocked.
• The USG does not apply the firewall rule. The USG only applies a zone’s rules to the interfaces
that belong to the zone. Make sure the WAN interface is assigned to the WAN zone.
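The two points above (first-match ordering and zone membership) can be checked against a planned rule list before it is applied. The following is an added example, not taken from this guide and not USG code; the rule names, the interface names wan1 and lan1, the data layout, and the choice to match on LAN address 192.168.1.56 and TCP port 1720 are assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    name: str
    src_zone: str         # zone name, or "any"
    dst_zone: str         # zone name, or "any"
    dst_net: str          # CIDR; "0.0.0.0/0" means any address
    port: Optional[int]   # TCP port; None means any port
    action: str           # "allow" or "deny"

def matches(rule, pkt, zone_of):
    # A zone's rules only apply to interfaces that are members of that zone,
    # so an unassigned interface (zone None) can only match "any".
    src = zone_of.get(pkt["in_if"])
    dst = zone_of.get(pkt["out_if"])
    return (rule.src_zone in ("any", src)
            and rule.dst_zone in ("any", dst)
            and ipaddress.ip_address(pkt["dst_ip"]) in ipaddress.ip_network(rule.dst_net)
            and rule.port in (None, pkt["port"]))

def first_match(rules, pkt, zone_of):
    """Return the first rule in list order that the packet matches, else None."""
    for rule in rules:
        if matches(rule, pkt, zone_of):
            return rule
    return None

def explain(rules, pkt, zone_of, wanted):
    """Report whether the rule named `wanted` decides this packet, and if not, why."""
    hit = first_match(rules, pkt, zone_of)
    if hit is not None and hit.name == wanted:
        return "applied"
    target = next(r for r in rules if r.name == wanted)
    if matches(target, pkt, zone_of):
        return "shadowed by " + hit.name   # an earlier rule caught the traffic first
    return "not matched"                   # e.g. interface is not in the rule's zone

# Constructed sample data (hypothetical names, not from the guide).
ZONES = {"wan1": "WAN", "lan1": "LAN"}
RULES = [
    Rule("block-wan-to-lan", "WAN", "LAN", "0.0.0.0/0", None, "deny"),
    Rule("allow-h323", "WAN", "LAN", "192.168.1.56/32", 1720, "allow"),
]
CALL = {"in_if": "wan1", "out_if": "lan1", "dst_ip": "192.168.1.56", "port": 1720}

if __name__ == "__main__":
    print(explain(RULES, CALL, ZONES, "allow-h323"))
```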
4.7 How to Manage Voice Traffic
Here are examples of allowing H.323 and SIP traffic through the USG.
4.7.1 How to Allow Incoming H.323 Peer-to-peer Calls
Suppose you have an H.323 device on the LAN for VoIP calls and you want it to be able to receive
peer-to-peer calls from the WAN. Here is an example of how to configure NAT and the firewall to
have the USG forward H.323 traffic destined for WAN IP address 10.0.0.8 to an H.323 device located
on the LAN and using IP address 192.168.1.56.
Figure 46 WAN to LAN H.323 Peer-to-peer Calls Example
4.7.1.1 Turn On the ALG
Click Configuration > Network > ALG. Select Enable H.323 ALG and Enable H.323
transformations and click Apply.
Figure 47 Configuration > Network > ALG
4.7.1.2 Set Up a NAT Policy For H.323
In this example, you need a NAT policy to forward H.323 (TCP port 1720) traffic received on the