• Source Interface: lan
• Destination Interface: dmz
• Source Network: lannet
• Destination Network: ip-gateway
• Comment: Allow H.323 entities on lannet to call phones connected to the H.323 Gateway on the DMZ
3. Click OK
1. Go to Rules > IP Rules > Add > IPRule
2. Now enter:
• Name: GWToLan
• Action: Allow
• Service: H323-Gatekeeper
• Source Interface: dmz
• Destination Interface: lan
• Source Network: ip-gateway
• Destination Network: lannet
• Comment: Allow communication from the Gateway to H.323 phones on lannet
3. Click OK
1. Go to Rules > IP Rules > Add > IPRule
2. Now enter:
• Name: BranchToGW
• Action: Allow
• Service: H323-Gatekeeper
• Source Interface: vpn-branch
• Destination Interface: dmz
• Source Network: branch-net
• Destination Network: ip-gatekeeper, ip-gateway
• Comment: Allow communication with the Gatekeeper on DMZ from the Branch network
3. Click OK
1. Go to Rules > IP Rules > Add > IPRule
2. Now enter:
• Name: BranchToGW
• Action: Allow
• Service: H323-Gatekeeper
• Source Interface: vpn-remote
• Destination Interface: dmz
• Source Network: remote-net
• Destination Network: ip-gatekeeper
• Comment: Allow communication with the Gatekeeper on DMZ from the Remote network
6.2.9. The H.323 ALG Chapter 6. Security Mechanisms
287
