Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

H323 Video Conferencing

Status
Not open for further replies.
philroughton

philroughton

Technical User
Jul 7, 2005
2
0
0
GB
Hello, does anybody know how to setup H323 Video Conferencing through a CheckPoint firewall NG? We have a Gatekeeper and Gateway within our private network and they look after a number of endpoints, but we need to communicate with the outside world on the Internet. What configuration needs to be done on the firewall - hosts, address translation etc...

Thank you,

Phil.
 
Sort by date Sort by votes
Well, basically, you'll need to know what ports your Video conferrencing application uses and if their uni or bi-directional. Also, you'll need to understand how the video conferencing will need to work. In order to tell you how to configure it we would need to know more specific information. It sound like you'll need to set up your security and NAT rules to be appropriate to what you're attempting to do. Sorry to be so vague.
 
Upvote 0 Downvote
hello,

@rn4it: basicaly you are right, but

the checkpoint "understands" voiceoverip (h323), so you do not need to enable traffic in both directions. the firewall will do this dynamically.
if h323-traffic is started in both directons, you are right.

the only thing you have to know is the general h323 traffic between the devices...

maybe this can help:

martin

----------------------------------
Martin Peinsipp, Austria
CCSA,
IT-Security-Administrator
 
Upvote 0 Downvote
In our implementation of VoIP, we needed 2way Security and NAT rules. This is a little different from what is being asked. We used the same article when we did our IP Trunking, connecting 2 PBXs together. There were a number of ports that are needed outside of the H323, based on the PBX manufacture.
 
Upvote 0 Downvote
Thanks for all your help - because I have no control over the external domain, I cannot create a VoIP Domain Gatekeeper for the destination - this is meant to be the Internet (any Video Conferencing device out there). We're not trying to connect 2 offices together. Is checkpoint still capable of this - I can set up a domain for the office her, but then we want to communicate using H323, to possibly any dievice in the world.

Thank you again, Phil.
 
Upvote 0 Downvote
I'm sure there are other companies that are doing what you're attempting to do, but I'm not. Did you review the article that Martinp05 linked you to? while trouble shooting use your logfile, this will give you error messages that may be helpful.

You will need to allow any, to your h323 gatekeeper's NAT'd address and have the correct NAT rule and static routes. As well, you may want to have any any rule plus a second rule that allows tcp and udp high port. This would of course depend apon what ports your video conf application needs.
good luck
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Bhawks10
  • Locked
  • Question
Polycom 8000 HDX h.323 video conferencing thru Sonicwall Firewall
Replies
0
Views
25
Bhawks10
Bhawks10
cygnetrower1
  • Locked
  • Question
Video Conference Timeout
Replies
0
Views
10
cygnetrower1
cygnetrower1
amrqura
  • Locked
  • Question
prevent video streaming over 515E
Replies
0
Views
15
amrqura
amrqura
Piloria
  • Locked
  • Question
H225 issue with Video Confrencing
Replies
3
Views
22
geranimo666
geranimo666
tmacleod
  • Locked
  • Question
Problem accessing specific .asx videos from only one site port 1755
Replies
0
Views
18
tmacleod
tmacleod

Part and Inventory Search

Sponsor

Back
Top