Solved

Does Firebox x1000 supports H.323 protocol used by Tandberg videconferencing

Posted on 2008-10-16
3
1,152 Views
Last Modified: 2013-11-16
I have to set up videoconferencing to an external location over the internet.
The system, eyecatcher, is behind the firewall and i opened all the required ports on the wachtguard firebox.

Problem is that the the destination vcon receives my call and pickes it up. But my system doesn't get this information back from the calling system. The supplier of the system says that my system doesn't receive the ip-packets related to port 7020.(ps when connecting the system straight to the internet i have no problems)

however in my firebox/firewall i don't see a drop.

I tried to set an incoming rule to all_trusted and even forwarded the incoming ports related to videconfering straight to the ip adress of my eyecatcher. Nothing worked.

I have browsed the internet to see which models/makes of firewalls are compatible with videoconfering (h.323 protocol) but this seems to be a gray area

any help is appreciated.
0
Comment
Question by:mark_martens
  • 2
3 Comments
 
LVL 32

Expert Comment

by:dpk_wal
ID: 22733177
WG support H323 proxy; but I have seen many cases where this does not work. I would suggest you to configure 1-1 NAT for the device and then configure ANY service between the communicating parties. This would ensure that no port translations are done by the firewall only IP masquerading when sending the packet from external to internal also there would be no ports blocked.

One this works and you know for sure all the ports which are used; you can then create a custom service and replace ANY service.

Thank you.
0
 
LVL 1

Author Comment

by:mark_martens
ID: 22738556
just to be in the clear, am i correct to say that with 1:1 NAT you don't mean dynamic 1:1 Nat and you don't mean static 1:1 Nat but you mean the term 1:1 NAT, to refer to forwarding one address to a single server.

as a newby on firewalls i may state following in an amateur way, but bear with me please
what i want to configure on the firebox (interpretting your message) i will demonstrate in an example

vcon-server                            my isp ip number             destination vcon-server
126.8.3.2      <->    firebox      211.4.3.211             <->   216.3.2.123

rule outgoing: firebox sees destination => 216.3.2.123 and source = 126.8.3.2 : OK let it pass
rule incoming: firebox sees source       => 216.3.2.123                                         OK send all to 126.8.3.2

could you help me (with a step by step) how to configure this on the firebox
thank you
0
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 22739504
Yes I meant dynamic 1-1 NAT; one public address to a single internal server.

Ok here is what we would do:

In Policy Manager [ver 10.x]; go to Network->NAT->1-1 NAT; specify:
Extetrnal; 1; public-ip [216.3.2.123];internal-ip

Now click + and add ANY service; configure it as:
Enabled and Allowed; from 126.8.3.2; to 216.3.2.123

Please note ANY service would communication between the end on all ports and protocols.

Thank you.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Content Filtering 1 to 1 Peer Review 1 93
GPR - Cannot telnet 15 87
Sonicwall NSA failover & LB 4 48
suspending the anti virus 6 113
Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Many functions in Excel can make decisions. The most simple of these is the IF function: it returns a value depending on whether a condition you describe is true or false. Once you get the hang of using the IF function, you will find it easier to us…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now