Setting up H323 IP telephony etc - was Re: [fw-wiz] Apple's iSight and Firewalls

From: Bret Watson (lists_at_ticm.com)
Date: 08/26/03

    To: Bartek Krajnik <bartek@bicom.pl>, firewall-wizards@honor.icsalabs.com
    Date: Tue, 26 Aug 2003 10:47:13 +0800
    
    

    At 11:30 23/08/03 +0200, Bartek Krajnik wrote:

    >JS>
    >Here is everything you need:
    >http://www.microsoft.com/windows/NetMeeting/Corp/reskit/Chapter4/default.asp
    >
    >Rgds,
    > Bartek.

    The trouble with micro$oft's advice is that it means opening huge holes in
    the firewall, or trusting that Checkpoint's protocol handler works nicely..

    A better solution is this..

    In the DMZ, place an H323 gatekeeper with routed proxying turned on, restrict
    the port ranges to the number of simultaneous connections you expect to
    receive..
    In the LAN, place another gatekeeper with proxying turned on and ports as
    above for external addresses.. point it at the DMZ proxy. Set up everyone's
    NetMeeting to use the gatekeeper (you'll need to set some standard for
    registering with the gatekeeper too.. in the past I've used their desk
    phone number (the full international number, not just the extension))...

    Open rules to allow external to point at the port ranges specified on the
    DMZ proxy, open ports to allow the internal gatekeeper to point at the DMZ
    gatekeeper (same port range).

    Make sure you've configured everything nicely - this part is not so easy..

    Once you have done that, however, you will have an internal gatekeeper that
    knows how to route calls to the outside, as well as an external gatekeeper
    that knows how to route calls from the outside.. neither party will have a
    direct connection.

    Cheers,

    Bret

    Technical Incursion Countermeasures www.ticm.com
    The Insider Community http://www.ticm.com/~insider/

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
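
The rule set the message describes can be checked mechanically. The following is an added example, not part of the original post: a small audit of allow rules against the two-gatekeeper design, where only the DMZ gatekeeper is reachable, only on the proxy port range, and only the internal gatekeeper may reach it from the LAN. The addresses, the port range, the rule tuple format and the `audit` function are assumptions made for illustration.

```python
import ipaddress

# Constructed sample addressing and port range (assumptions, not from the post).
DMZ_GK = ipaddress.ip_network("192.0.2.10/32")   # gatekeeper/proxy in the DMZ
LAN_GK = ipaddress.ip_network("10.0.0.10/32")    # internal gatekeeper
LAN_NET = ipaddress.ip_network("10.0.0.0/8")     # internal network
PROXY_PORTS = (30000, 30039)                     # range configured on the proxies


def audit(rules, dmz_gk=DMZ_GK, lan_gk=LAN_GK, lan_net=LAN_NET, ports=PROXY_PORTS):
    """Return (rule_index, reason) for every allow rule that breaks the design.

    Each rule is (in_zone, src_cidr, dst_cidr, port_lo, port_hi),
    with in_zone being "ext" or "lan".
    """
    findings = []
    for i, (zone, src, dst, lo, hi) in enumerate(rules):
        src, dst = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        # Every permitted flow must terminate on the DMZ gatekeeper.
        if dst != dmz_gk:
            why = ("reaches the LAN directly" if dst.overlaps(lan_net)
                   else "destination is not the DMZ gatekeeper")
            findings.append((i, why))
            continue
        # Ports must stay inside the range configured on the proxy.
        if lo > hi or lo < ports[0] or hi > ports[1]:
            findings.append((i, "ports outside the proxy range"))
        # From the inside, only the internal gatekeeper talks to the DMZ one.
        if zone == "lan" and src != lan_gk:
            findings.append((i, "LAN source other than the internal gatekeeper"))
    return findings


# Constructed rule sets: the design from the message, and three common slips.
GOOD = [("ext", "0.0.0.0/0", "192.0.2.10/32", 30000, 30039),
        ("lan", "10.0.0.10/32", "192.0.2.10/32", 30000, 30039)]
BAD = [("ext", "0.0.0.0/0", "10.0.0.0/8", 1024, 65535),      # hole into the LAN
       ("lan", "10.0.0.0/8", "192.0.2.10/32", 30000, 30039),  # every desktop allowed
       ("ext", "0.0.0.0/0", "192.0.2.10/32", 1024, 65535)]    # range far too wide

if __name__ == "__main__":
    for idx, reason in audit(BAD):
        print(f"rule {idx}: {reason}")
```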

