It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

How to Configure the H.323 Neighbor Gatekeeper

  • Last updated on

You can use the Barracuda CloudGen Firewall as a gatekeeper for an H.323 network. The media stream of the calls that are established by the firewall gatekeeper are redirected to a local address of the Barracuda CloudGen Firewall and forwarded to the receiver of the stream. In this case, special handling for network address translation or firewall traversal is not required. The H.323 endpoints that are in direct contact with the gatekeeper can be registered with H.225 RAS or provisioned in the firewall configuration. Several gatekeepers can be clustered together to handle calls for endpoints with the same prefix, which are distributed over several locations. This is called a neighbor configuration. You can use the following gatekeepers in neighbor configurations:

  • GNU gatekeeper
  • Cisco gatekeeper
  • Clarent gatekeeper
  • Glonet gatekeeper

Step 1. Configure the H.323 Neighbor Gatekeeper

H.323 is configured on the Firewall Forwarding Settings page.

  1. Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > Firewall > Forwarding Settings.
  2. In the left navigation pane, expand Configuration and click VoIP/H.323.
  3. Click Lock.
  4. Edit the H.323 settings.

    SettingDescription

    Enable H.323 Gatekeeper

    Enables or disables the firewall gatekeeper. To enable the gatekeeper, select yes.

    To enable communication between the H.323 equipment and the Barracuda CloudGen Firewall gatekeeper, create local firewall rules that allow incoming and outgoing UDP and TCP IP ports from networks with H.323 nodes that directly communicate with the Barracuda CloudGen Firewall gatekeeper. For more information on creating firewall rules, see: Access Rules.

    Gatekeeper Name

    The H.323 alias name of the firewall gatekeeper.

    Gatekeeper Listen IP

    Specifies which IP addresses the gatekeeper uses. An explicit IP address can also be entered by selecting the Other check box.

    Broadcast RAS

    Enables the sending of H.225 broadcast gatekeeper discovery packets. This is useful for phones that automatically detect the gatekeeper.

    Gatekeeper Password

    The password that neighbor gatekeepers must provide in order to enable neighbor cluster calls. The password can consist of small and capital characters, numbers, and non alpha-numeric symbols, except the hash sign (#).

    H.323 Neighbors



     

     

     

     

    List of H.323. neighbors. When you add an H.323 neighbor, you can specify the following settings:

    Gatekeeper Name

    The H.323 alias of the neighbor gatekeeper.

    Gatekeeper Type

    The vendor of the neighbor gatekeeper (GnuGK, CiscoGK, ClarentGK, or GlonetGK).

    Gatekeeper Hostname

    The hostname of the IP address of the neighbor gatekeeper.

    Gatekeeper Port

    The H.225 port number of the neighbor gatekeeper.

    Gatekeeper Password

    The password that is used to log into the neighbor gatekeeper for neighbor clustering support.

    Neighbor Timeout (sec.)

    The timeout of Location Request (LRQ) messages for browsing the neighbor cluster.

    H.323 EndpointsList of endpoints that are permanently registered at the gatekeeper. This is useful for interfaces that do not support H.225 RAS. When you add an endpoint, you can specify the following settings:
    H.323 AliasThe H.323 alias of the permanent endpoint.

    Gateway Hostname/IP

    The hostname or IP address of the endpoint. Endpoints with dynamic IP addresses must use H.225 registration to connect to the firewall gatekeeper.

    Prefix

    All calls with this number or prefix are routed to this endpoint.

    Call Redirect

    List of prefixes that are used for call redirects. When you add a call redirect, you can specify the following settings:
    Original PrefixAll calls with this prefix are rerouted.

    New Prefix

    The prefix that replaces the original prefix.

    RAS Authentication

    RAS authentication method. You can select one of the following options:
    None Allows all H.225 RRQ (Registration Requests).

    Radius

    Registers the username at a radius server.

    Radius+CAT

    Uses the Cisco Access Token in the RRQ message for registration at a radius server.

    Radius Server

    The IP address or hostname of the radius server. An optional port number may be specified after a colon (:). [:

  5. Click Send Changes and Activate.

Step 2. Create Firewall Rules to Allow H.323 Traffic

To enable communication between the H.323 equipment and the Barracuda CloudGen Firewall gatekeeper, create local firewall rules that allow incoming and outgoing H.323 connections from networks with H.323 nodes that directly communicate with the Barracuda CloudGen Firewall gatekeeper. For more information on creating firewall rules, see: Access Rules.