Setting up H323 IP telephony etc - was Re: [fw-wiz] Apple's iSight and Firewalls
From: Bret Watson (lists_at_ticm.com)
Date: 08/26/03
- Previous message: Bartek Krajnik: "Re: [fw-wiz] Apple's iSight and Firewalls"
- In reply to: Bartek Krajnik: "Re: [fw-wiz] Apple's iSight and Firewalls"
- Next in thread: Marcus J. Ranum: "[fw-wiz] Re: Setting up H323 IP telephony etc - was Re: [fw-wiz] Apple's iSight and Firewalls"
- Reply: Marcus J. Ranum: "[fw-wiz] Re: Setting up H323 IP telephony etc - was Re: [fw-wiz] Apple's iSight and Firewalls"
- Reply: Bartek Krajnik: "Re: Setting up H323 IP telephony etc - was Re: [fw-wiz] Apple's iSight and Firewalls"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Bartek Krajnik <bartek@bicom.pl>, firewall-wizards@honor.icsalabs.com Date: Tue, 26 Aug 2003 10:47:13 +0800
At 11:30 23/08/03 +0200, Bartek Krajnik wrote:
>JS>
>Here is everything what You need:
>http://www.microsoft.com/windows/NetMeeting/Corp/reskit/Chapter4/default.asp
>
>Rgds,
> Bartek.
The trouble with micro$oft's advice is that it means opening huge holes in
the firewall, or trusting that Checkpoint's protocol handler works nicely..
A better solution is this..
in the DMZ place a H323 gatekeeper with routed proxying turned on, restrict
the port ranges to the number of simultaneous connections you expect to
receive..
In the LAN, place another gatekeeper with proxying turned on and ports as
above for external addresses.. point it at the DMZ proxy. Setup everyone's
Netmeeting to use the gatekeeper (you'll need to set some standard for
registering with the gatekeeper too.. in the past I've used their desk
phone number (the full international number, not just the extension)...
Open rules to allow external to point at the port ranges specified on the
DMZ proxy, open ports to allow the internal gatekeeper to point at the dmz
gatekeeper (same port range)
Make sure you've configured everything nicely - this part is not so easy..
once you have done that however - you will have an internal gatekeeper that
knows how to route calls to the outside, as well as an external gatekeeper
that knows how to route calls from the outside.. neither party will have a
direct connection.
Cheers,
Bret
Technical Incursion Countermeasures www.ticm.com
The Insider Community http://www.ticm.com/~insider/
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Bartek Krajnik: "Re: [fw-wiz] Apple's iSight and Firewalls"
- In reply to: Bartek Krajnik: "Re: [fw-wiz] Apple's iSight and Firewalls"
- Next in thread: Marcus J. Ranum: "[fw-wiz] Re: Setting up H323 IP telephony etc - was Re: [fw-wiz] Apple's iSight and Firewalls"
- Reply: Marcus J. Ranum: "[fw-wiz] Re: Setting up H323 IP telephony etc - was Re: [fw-wiz] Apple's iSight and Firewalls"
- Reply: Bartek Krajnik: "Re: Setting up H323 IP telephony etc - was Re: [fw-wiz] Apple's iSight and Firewalls"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
