Chapter 18 ALG
ZyWALL USG 300 User’s Guide
271
18.4 WAN to LAN SIP Peer-to-peer Calls Example
This example shows how to configure firewall and virtual server (port forwarding) rules to
allow H.323 calls to come in through WAN IP address 10.0.0.8 to computer A at IP address
192.168.1.56 on the LAN.
Figure 176 WAN to LAN H.323 Peer-to-peer Calls Example
Configure the virtual server policy first to forward H.323 (TCP port 1720) traffic received on
the ZyWALL’s 10.0.0.8 WAN IP address to LAN IP address 192.168.1.56.
1 Click Network > Virtual Server > Add.
2 Configure the screen as follows and click OK.
Figure 177 Network > Virtual Server > Add
Now configure a firewall rule to allow H.323 (TCP port 1720) traffic received on the
WAN_IP-for-H323 IP address to go to LAN IP address 192.168.1.56.
3 Click Firewall. In From Zone, select WA N; in To Zone, select LAN.
4 The default rule for WAN-to-LAN traffic drops all traffic. You want to allow SIP access
through IP address 10.0.0.8, so add a rule before the default rule. Click the Add icon at
the top of the column.