Print Download PDF Send Feedback

Previous

Next

H.323-Based VoIP

In This Section:

Introduction to H.323

H.323 Specific Services

Supported H.323 Deployments and NAT

Important Information about Creating H.323 Security Rules

Introduction to H.323

H.323 is an International Telecommunication Union (ITU) standard that specifies the components, protocols and procedures that provide multimedia communication services, real-time audio, video, and data communications over packet networks, including IP based networks.

H.323 registration and alternate communication occurs on UDP port 1719, and H.323 call signaling occurs on TCP port 1720. H.323 is a peer-to-peer protocol.

The Security Gateway supports these H.323 architectural elements:

H.323 Specific Services

These preconfigured H.323 services are available:

Service

Purpose

TCP:H323

Allows a Q.931 to be opened (and if needed, dynamically opens an H.245 port), and dynamically opens ports for RTP/RTCP or T.120.

UDP:H323_ras

Allows a RAS port to be opened, and then dynamically opens a Q.931 port (an H.245 port if needed). Also dynamically opens and RTP/RTCP and T.120 ports.

UDP:H323_ras_only

Allows only RAS ports. Cannot be used to make calls. If this service is used, no Application Intelligence Checks (payload inspection or modification as NAT translation) are made. Do not use if you want to perform NAT on RAS messages. Do not use in the same rule as the H323_ras service.

TCP:H323_any

Relevant only for versions prior to R75.40VS:

Similar to the H323 service, but also allows the Destination in the rule to be ANY rather than a Network Object. Only use H323_any if you do not know the VoIP topology, and are not enforcing media admission control (formerly known as Handover) using a VoIP domain. Do not use in the same rule as the H.323 service.

Note - Make sure to use the H.323 and H.323_ras services in H.323 Security Gateways rules.