D-Link NetDefend DFL-210 User Manual page 240

Network security firewall ver 2.26.01

6.2.9. The H.323 ALG
H.323 ALG features
The H.323 ALG is a flexible application layer gateway that allows H.323 devices such as H.323
phones and applications to make and receive calls between each other when connected via private
networks secured by NetDefend Firewalls.
The H.323 specification was not designed to handle NAT, as IP addresses and ports are sent in the
payload of H.323 messages. The H.323 ALG modifies and translates H.323 messages to make sure
that H.323 messages will be routed to the correct destination and allowed through the NetDefend
Firewall.
The H.323 ALG has the following features:
• The H.323 ALG supports version 5 of the H.323 specification. This specification is built upon
  H.225.0 v5 and H.245 v10.
• In addition to supporting voice and video calls, the H.323 ALG supports application sharing over
  the T.120 protocol. T.120 uses TCP to transport data while voice and video are transported over
  UDP.
• To support gatekeepers, the ALG monitors RAS traffic between H.323 endpoints and the
  gatekeeper, in order to correctly configure the NetDefend Firewall to let calls through.
• NAT and SAT rules are supported, allowing clients and gatekeepers to use private IP addresses
  on a network behind the NetDefend Firewall.
H.323 ALG Configuration
The configuration of the standard H.323 ALG can be changed to suit different usage scenarios. The
configurable options are:
• Allow TCP Data Channels - This option allows TCP based data channels to be negotiated.
  Data channels are used, for example, by the T.120 protocol.
• Number of TCP Data Channels - The number of TCP data channels allowed can be specified.
• Address Translation - For NATed traffic, the Network that is allowed to be translated can be
  specified, together with the External IP for that Network, which is the IP address to NAT
  with. If the External IP is set as Auto then the external IP is found automatically
  through route lookup.
• Translate Logical Channel Addresses - This would normally always be set. If not enabled then
  no address translation will be done on logical channel addresses and the administrator needs to
  be sure about IP addresses and routes used in a particular scenario.
• Gatekeeper Registration Lifetime - The gatekeeper registration lifetime can be controlled in
  order to force re-registration by clients within a certain time. A shorter time forces more
  frequent registration by clients with the gatekeeper and reduces the probability of a problem
  if the network becomes unavailable and the client thinks it is still registered.
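The following Python example is added here and is not taken from the D-Link manual or NetDefendOS. It models why header-only NAT leaves private addresses in H.323 payloads and how the Address Translation (Network, External IP) and Translate Logical Channel Addresses options change the result. The flattened message layout, the sample addresses and the assumption that ports are kept unchanged are illustrative; real H.225.0/H.245 messages are ASN.1 encoded and must be decoded by the ALG.

```python
import ipaddress

# H.245 fields that carry logical channel (media) addresses.
LOGICAL_CHANNEL_FIELDS = {"mediaChannel", "mediaControlChannel"}

def header_nat(packet, external_ip):
    """Plain NAT: rewrites only the IP header source, never the payload."""
    return {**packet, "src": external_ip}

def alg_translate(packet, network, external_ip, translate_logical=True):
    """Rewrite the header and every embedded address that lies inside `network`.

    Returns (translated_packet, pinholes). pinholes maps each external
    (ip, port) advertised to the peer to the internal endpoint behind it.
    Assumption: ports are preserved; a real ALG may remap them.
    """
    net = ipaddress.ip_network(network)
    out, pinholes = [], {}
    for field, ip, port in packet["payload"]:
        inside = ipaddress.ip_address(ip) in net
        skip = field in LOGICAL_CHANNEL_FIELDS and not translate_logical
        if inside and not skip:
            pinholes[(external_ip, port)] = (ip, port)
            ip = external_ip
        out.append((field, ip, port))
    return {"src": external_ip, "payload": out}, pinholes

def leaked_private(packet, network):
    """Embedded addresses the remote peer would see that are still internal."""
    net = ipaddress.ip_network(network)
    return [(f, ip) for f, ip, _ in packet["payload"]
            if ipaddress.ip_address(ip) in net]

# Constructed sample: address-bearing fields of one call, flattened for clarity.
NETWORK, EXTERNAL_IP = "192.168.1.0/24", "203.0.113.5"
MESSAGE = {"src": "192.168.1.10", "payload": [
    ("sourceCallSignalAddress", "192.168.1.10", 1720),
    ("h245Address", "192.168.1.10", 40000),
    ("mediaChannel", "192.168.1.10", 5004),
    ("destCallSignalAddress", "198.51.100.20", 1720),
]}

if __name__ == "__main__":
    print("header-only NAT leaks:",
          leaked_private(header_nat(MESSAGE, EXTERNAL_IP), NETWORK))
    fixed, holes = alg_translate(MESSAGE, NETWORK, EXTERNAL_IP)
    print("ALG leaks:", leaked_private(fixed, NETWORK), "pinholes:", holes)
```

With `translate_logical=False` the `mediaChannel` entry stays private, which is the situation the manual warns about when Translate Logical Channel Addresses is not enabled.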
Presented below are some network scenarios where H.323 ALG use is applicable. For each scenario
communication. Video and T.120 channels are also called
logical channels during negotiation.
T.120: A suite of communication and application protocols.
Depending on the type of H.323 product, the T.120 protocol can
be used for application sharing, file transfer as well as for
conferencing features such as whiteboards.
Chapter 6. Security Mechanisms
