Supported H.323 Deployments and NAT
For complete information on NAT configuration, see the R80.20.M2 Security Management Administration Guide.
Supported H.323 deployments are listed the table. Hide NAT, or Static NAT can be configured for the phones in the internal network, and (where applicable) for the gatekeeper.
- NAT is not supported on IP addresses behind an external Check Point gateway interface.
- Manual NAT rules are only supported in environments where the Gatekeeper is in the DMZ.
Supported H.323 Topology
|
Supports No NAT
|
Supports NAT for Internal Phones - Hide/Static NAT
|
Supports
NAT for Gatekeeper - Static NAT
|
Description
|
H.323 Endpoint to Endpoint
|
Yes
|
Static NAT only
|
N/A
|
- The IP Phones communicate directly, without a Gatekeeper or an H.323 gateway. Static NAT can be configured for the phones on the internal side of the gateway.
|
H.323 Gatekeeper/Gateway in External Network
|
Yes
|
Yes
|
N/A
|
- The IP phones use the services of a Gatekeeper or H.323 gateway on the external side of the gateway.
- This topology enables the use of the services of a Gatekeeper or an H.323 gateway that is maintained by another organization.
|
H.323 Gatekeeper/Gateway to Gatekeeper/Gateway
|
Yes
|
Yes
|
Yes
|
- Each Gatekeeper or H.323 gateway controls a separate endpoint domain.
- Static NAT can be configured for the internal Gatekeeper. For the internal phones, Hide NAT or Static NAT can be configured.
|
H.323 Gatekeeper/Gateway in DMZ
|
Yes
|
Yes
|
Yes
|
- The same Gatekeeper or H.323 gateway controls both endpoint domains. This topology makes it possible to provide Gatekeeper or H.323 gateway services to other organizations.
- Static NAT or No-NAT can be configured for the Gatekeeper or H.323 gateway.
- Hide NAT or Static (or no NAT) can be configured for the phones on the internal side of the gateway.
|
