negotiate opening and closing of logical channels. A logical
channel could be, for example, an audio channel used for
voice communication. Video and T.120 channels are also
called logical channels during negotiation.
T.120
A suite of communication and application protocols.
Depending on the type of H.323 product, the T.120 protocol
can be used for application sharing and file transfer, as well as
for conferencing features such as whiteboards.
H.323 ALG features
The H.323 ALG is a flexible application layer gateway that allows H.323 devices such as H.323
phones and applications to make and receive calls between each other when connected via
private networks secured by NetDefend Firewalls.
The H.323 specification was not designed to handle NAT, as IP addresses and ports are sent in the
payload of H.323 messages. The H.323 ALG modifies and translates H.323 messages to make sure
that H.323 messages will be routed to the correct destination and allowed through the
NetDefend Firewall.
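A simplified model of the translation described above, as an added example that is not NetDefendOS code: ordinary NAT rewrites only the IP header, so the private address embedded in the payload has to be rewritten separately and a matching media pinhole recorded. Real H.323 messages are ASN.1-encoded, so the fixed offset, the H323AlgModel class, the stand-in header, the sample addresses and the port numbering are all assumptions made for illustration.

```python
import ipaddress
import struct

def pack_addr(ip, port):
    """Transport address as modelled here: 4-octet IPv4 + 2-octet port."""
    return ipaddress.IPv4Address(ip).packed + struct.pack("!H", port)

def unpack_addr(blob):
    return str(ipaddress.IPv4Address(blob[:4])), struct.unpack("!H", blob[4:6])[0]

class H323AlgModel:
    """Toy ALG (hypothetical class): rewrites embedded addresses, tracks pinholes."""

    def __init__(self, inside_net, public_ip, first_port=40000):
        self.inside = ipaddress.ip_network(inside_net)
        self.public_ip = public_ip
        self.next_port = first_port
        self.by_private = {}   # private (ip, port) -> public (ip, port)
        self.pinholes = {}     # public (ip, port) -> private (ip, port)

    def translate_outbound(self, payload, offset):
        """Rewrite the address at `offset`; the offset stands in for ASN.1 decoding."""
        if offset < 0 or offset + 6 > len(payload):
            raise ValueError("embedded address lies outside the payload")
        private = unpack_addr(payload[offset:offset + 6])
        if ipaddress.IPv4Address(private[0]) not in self.inside:
            return payload                      # not an inside address: leave untouched
        if private not in self.by_private:      # reuse the mapping on retransmission
            public = (self.public_ip, self.next_port)
            self.next_port += 1
            self.by_private[private] = public
            self.pinholes[public] = private
        public = self.by_private[private]
        return payload[:offset] + pack_addr(*public) + payload[offset + 6:]

    def route_inbound(self, dst_ip, dst_port):
        """Private destination for inbound media, or None (drop: no pinhole)."""
        return self.pinholes.get((dst_ip, dst_port))

# Constructed sample: an 8-byte stand-in header followed by the media address.
HEADER = b"H245-OLC"
SAMPLE = HEADER + pack_addr("192.168.1.20", 5004)

def demo():
    alg = H323AlgModel("192.168.1.0/24", "203.0.113.10")
    rewritten = alg.translate_outbound(SAMPLE, len(HEADER))
    return unpack_addr(SAMPLE[8:]), unpack_addr(rewritten[8:]), alg
```

Without the payload rewrite, the remote endpoint would be told to send media to 192.168.1.20, which it cannot reach. Inbound packets to a public port that was never negotiated return None and are dropped.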
H.323 handling by NetDefendOS has the following characteristics:
• NetDefendOS supports version 5 of the H.323 specification. This specification is
  built upon H.225.0 v5 and H.245 v10.
• In addition to supporting voice and video calls, NetDefendOS supports application sharing over
  the T.120 protocol. T.120 uses TCP to transport data while voice and video is transported over
  UDP.
• To support gatekeepers, NetDefendOS monitors RAS traffic between H.323 endpoints and
  the gatekeeper, in order to correctly configure the NetDefend Firewall to let calls through.
• NAT and SAT rules/policies are supported, allowing clients and gatekeepers to use private
  IPv4 addresses on a network behind the NetDefend Firewall.
NetDefendOS H.323 Configuration
In NetDefendOS, the configuration of H.323 can be done in one of two ways:
• Using an H.323 ALG object with an IP Rule object

  An H.323 ALG object is associated with a Service object configured for the H.323 protocol. The
  service object is then used with the IP Rule objects that control H.323 traffic flow.

  In NetDefendOS version 11.03 and later, a predefined H.323 ALG is not present in the default
  configuration and therefore a new H.323 ALG object must always be created when using an
  IP Rule object with H.323. In older NetDefendOS versions that are upgraded to 11.03 or later, the
  predefined H.323 ALG object will be retained.
• Using a VoIP Profile object with an IP Policy object

  H.323 can alternatively be configured using IP Policy objects. This is done by creating a
  VoIP Profile object and specifying the H.323 options on that instead of an H.323 ALG. The
  VoIP Profile object is then associated with the IP Policy object that controls traffic.

  A Service object configured for H.323 traffic must also be used with the IP Policy object. This
  Service object must have its Protocol property set to H.323.
Chapter 6: Security Mechanisms
480