One solution would be not to expect the firewall to 'find' which ports to open, but instead for the gateway to inform the firewall of the nature of the underlying connection.
FYI, SIEMENS have a submission to TIPHON which discusses how a media gateway [H.323 in their example] can instruct the firewall which IP ports to allow through.
http://docbox.etsi.org/tech-org/TIPHON/Document/TIPHON/05-9903-Philadelphia/12TD054.rtf
--
Iain Barker International data, Nortel PND, Maidenhead SL64AG UK
Note: The above posting may not represent the views of Nortel.
-----Original Message-----
From: Douglas Clowes [mailto:dclowes@OZEMAIL.COM.AU]
Sent: 01 April 1999 02:14
To: ITU-SG16@MAILBAG.INTEL.COM
Subject: Re: Firewalls [was: H.320 gateways a MEGACO / ITU]
[deletia]
Assuming that the SA between H1 and H2 involves payload encryption, such as ESP, and is call signalling or H.245, how does SG2 cope with finding the IP/port pairs, even in a text based protocol?
My interest extends beyond megaco/H.gcp, and includes Annex G. How do we handle this in the more general case?
Douglas