[fw1-gurus] RE: [fw-wiz] Checkpoint NAT H.323 support

From: Warren Verbanec (Warren.Verbanec_at_resilience.com)
Date: 11/23/04 

Date: Tue, 23 Nov 2004 13:29:54 -0800
To: "Rob Hughes" <rob@robhughes.com>, <firewall-wizards@honor.icsalabs.com>, <fw1-gurus@lists.phoneboy.com>

Hi

As of R55 HFA 08 or so, FW-1 has supported H.323 v2 and v4 quite nicely. NATted gatekeepers should be translated just fine in the H.225 stream.

Please check your configuration over. What kind of H.323 gear is this?

-Warren Verbanec
Resilience Corporation

-----Original Message-----
From: Rob Hughes [mailto:rob@robhughes.com]
Sent: Saturday, November 20, 2004 3:39 PM
To: firewall-wizards@honor.icsalabs.com
Subject: Re: [fw-wiz] Checkpoint NAT H.323 support

On Thu, 2004-11-18 at 16:46 +0100, Luis Maria Sainz Caballero wrote:
> Hi people,
>
> I am new to the list and I hope you help me. I have a problem with
> FW-1/VPN-1 NG with AI (R55) and the H.323 support. I am trying to register
> (H.323 RAS) a VoIP gateway inside my trusted network with a gatekeer on
> the Internet. I have already configured the VoIP domains (one for the
> gateway and another for the gatekeeper) in the FW, applied the last hotfix
> acumulator (HFA_11) and configured static NAT for the internal gateway to
> a public IP.
> The gatekeeper cannot respond because the IP inside the h225 payload isn't
> traslated, and I have confirmed it using the monitor inside de Firewall
> (fw monitor).
> Anybody know if Checkpoint really suports H.323 NAT? or can be a problem
> of mixconfiguration?
>

What does your rule look like? Specifically, what service are you using?
Also, the CP docs have examples of how to set this up. Have you tried
following those? But yes, it does (mostly) work.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

---------------------------------------------------------------------
FireWall-1 Gurus Mailing List (http://www.phoneboy.com/gurus)
To unsubscribe, mailto:fw1-gurus-unsubscribe@lists.phoneboy.com
For additional commands, mailto:fw1-gurus-help@lists.phoneboy.com

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Relevant Pages

  • [fw-wiz] Checkpoint NAT H.323 support
    ... gateway and another for the gatekeeper) in the FW, ... acumulator and configured static NAT for the internal gateway to ... The gatekeeper cannot respond because the IP inside the h225 payload isn't ... and I have confirmed it using the monitor inside de Firewall ...
    (Firewall-Wizards)
  • RE: [fw-wiz] Checkpoint NAT H.323 support
    ... being the gateway inside my trusted network and the gatekeeper ... the IP heather is correctly traslated but not the IP inside the payload. ... and I have confirmed it using the monitor inside de Firewall ...
    (Firewall-Wizards)
  • [fw1-gurus] RE: [fw-wiz] Checkpoint NAT H.323 support
    ... being the gateway inside my trusted network and the gatekeeper ... the IP heather is correctly traslated but not the IP inside the payload. ... and I have confirmed it using the monitor inside de Firewall ...
    (Firewall-Wizards)
  • Re: [fw-wiz] Checkpoint NAT H.323 support
    ... > gateway and another for the gatekeeper) in the FW, ... > acumulator and configured static NAT for the internal gateway to ... and I have confirmed it using the monitor inside de Firewall ...
    (Firewall-Wizards)
  • RE: [fw-wiz] Checkpoint NAT H.323 support
    ... Please check your configuration over. ... > gateway and another for the gatekeeper) in the FW, ... and I have confirmed it using the monitor inside de Firewall ...
    (Firewall-Wizards)