Firewalls [was: H.320 gateways a MEGACO / ITU]

Iain Barker ibarker at NORTELNETWORKS.COM
Tue Apr 6 07:09:29 EDT 1999


One solution would be not to expect the firewall to 'find'
which ports to open, but instead for the gateway to inform
the firewall of the nature of the underlying connection.

FYI, SIEMENS have a submission to TIPHON which disusses how a
media gateway [H.323 in their example] can instruct the firewall
which IP ports to allow through.

http://docbox.etsi.org/tech-org/TIPHON/Document/TIPHON/05-9903-Philadelphia/
12TD054.rtf

--
Iain Barker  International data, Nortel PND, Maidenhead SL64AG UK
Note: The above posting may not represent the views of Nortel.


-----Original Message-----
From: Douglas Clowes [mailto:dclowes at OZEMAIL.COM.AU]
Sent: 01 April 1999 02:14
To: ITU-SG16 at MAILBAG.INTEL.COM
Subject: Re: Firewalls [was: H.320 gateways a MEGACO / ITU]


[deletia]

Assuming that the SA between H1 and H2 involves payload encryption, such as
ESP, and is call signalling or H.245, how does SG2 cope with finding the
IP/port pairs, even in a text based protocol?

My interest extends beyond megaco/H.gcp, and includes Annex G. How do we
handle this in the more general case?

Douglas



More information about the sg16-avd mailing list