negotiate opening and closing of logical channels. A logical
channel could be, for example, an audio channel used for
voice communication. Video and T.120 channels are also
called logical channels during negotiation.
T.120
A suite of communication and application protocols.
Depending on the type of H.323 product, T.120 protocol
can be used for application sharing, file transfer as well as
for conferencing features such as whiteboards.
H.323 ALG features
The H.323 ALG is a flexible application layer gateway that allows H.323 devices such as H.323
phones and applications to make and receive calls between each other when connected via
private networks secured by NetDefend Firewalls.
The H.323 specification was not designed to handle NAT, as IP addresses and ports are sent in the
payload of H.323 messages. The H.323 ALG modifies and translates H.323 messages to make sure
that H.323 messages will be routed to the correct destination and allowed through the
NetDefend Firewall.
H.323 handling by NetDefendOS has the following characteristics:
•
NetDefendOS supports version H.323 version 5 of the H.323 specification. This specification is
built upon H.225.0 v5 and H.245 v10.
•
In addition to support voice and video calls, NetDefendOS supports application sharing over
the T.120 protocol. T.120 uses TCP to transport data while voice and video is transported over
UDP.
•
To support gatekeepers, NetDefendOS monitors RAS traffic between H.323 endpoints and
the gatekeeper, in order to correctly configure the NetDefend Firewall to let calls through.
•
NAT
and
SAT
rules/policies are supported, allowing clients and gatekeepers to use private
IPv4 addresses on a network behind the NetDefend Firewall.
NetDefendOS H.323 Configuration
In NetDefendOS, the configuration of H.323 can be done in one of two ways:
•
Using a
H.323 ALG
object with an
IP Rule
object
An
H.323 ALG
object is associated with a
Service
object configured for the H.323 protocol. The
service object is then used with the
IP Rule
objects that control H.323 traffic flow.
In NetDefendOS version 11.03 and later, a predefined H.323 ALG is not present in the default
configuration and therefore a new
H.323 ALG
object must always be created when using an
IP
Rule
object with H.323. In older NetDefendOS versions that are upgraded to 11.03 or later, the
predefined
H.323 ALG
object will be retained.
•
Using a
VoIP Profile
object with an
IP Policy
object
H.323 can alternatively be configured using
IP Policy
objects. This is done by creating a
VoIP
Profile
object and specifying the H.323 options on that instead of an H.323 ALG. The
VoIP
Profile
object is then associated with the
IP Policy
object that controls traffic.
A
Service
object configured for H.323 traffic must also be used with the
IP Policy
object. This
Service
object must have its
Protocol
property set to
H.323
.
Chapter 6: Security Mechanisms
480
Содержание NetDefendOS
Страница 30: ...Figure 1 3 Packet Flow Schematic Part III Chapter 1 NetDefendOS Overview 30 ...
Страница 32: ...Chapter 1 NetDefendOS Overview 32 ...
Страница 144: ...Chapter 2 Management and Maintenance 144 ...
Страница 220: ... Enable DHCP passthrough Enable L2 passthrough for non IP protocols 4 Click OK Chapter 3 Fundamentals 220 ...
Страница 267: ... SourceNetwork lannet DestinationInterface any DestinationNetwork all nets 4 Click OK Chapter 3 Fundamentals 267 ...
Страница 284: ...Chapter 3 Fundamentals 284 ...
Страница 360: ...The ospf command options are fully described in the separate NetDefendOS CLI Reference Guide Chapter 4 Routing 360 ...
Страница 392: ...Chapter 4 Routing 392 ...
Страница 396: ...Web Interface 1 Go to Network Ethernet If1 2 Select Enable DHCP 3 Click OK Chapter 5 DHCP Services 396 ...
Страница 419: ... Host 2001 DB8 1 MAC 00 90 12 13 14 15 5 Click OK Chapter 5 DHCP Services 419 ...
Страница 420: ...Chapter 5 DHCP Services 420 ...
Страница 424: ...2 Now enter Name lan_Access Action Expect Interface lan Network lannet 3 Click OK Chapter 6 Security Mechanisms 424 ...
Страница 573: ...Chapter 6 Security Mechanisms 573 ...
Страница 575: ...This section describes and provides examples of configuring NAT and SAT rules Chapter 7 Address Translation 575 ...
Страница 607: ...Chapter 7 Address Translation 607 ...
Страница 666: ...Chapter 8 User Authentication 666 ...
Страница 775: ...Chapter 9 VPN 775 ...
Страница 819: ...Chapter 10 Traffic Management 819 ...
Страница 842: ...Chapter 11 High Availability 842 ...
Страница 866: ...Default Enabled Chapter 13 Advanced Settings 866 ...
Страница 879: ...Chapter 13 Advanced Settings 879 ...