Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Configuring H.323 Settings


H.323 Application Layer Gateway (ALG) lets you to secure voice-over-IP (VoIP) communication between terminal hosts, such as IP phones and multimedia devices. In such a telephony system, gatekeeper devices manage call registration, admission, and call status for VoIP calls. Gatekeepers can reside in the two different zones or in the same zone.

The H.323 protocol ALG is enhanced to support incoming calls in NAT mode and slow start in gatekeeper routed mode. In gatekeeper routed mode, all control channel negotiations (Q.931 and H.245) are performed between the gatekeeper and the end points. The media channels, on the other hand, are opened directly between the end points.

Setting H.323 Inactivity Timeouts

When you enable H.323, the gateway is registered to the flow and reassembly. In addition, the port is also registered. If you do not enable H.323, none are registered. You can configure the following inactivity timeout to determine the lifetime of a group:

  • Set incoming-table timeout value—Sets or resets the default timeout value (in seconds) for the NAT table entry. The default value is 3,600 seconds (60 minutes).

Select any of the appropriate check boxes to pass messages that cannot be decoded by the device in either Route mode or NAT mode:

  • Pass nonparsable packets in Route mode

  • Pass nonparsable packets in NAT mode

For more detailed explanation about configuring H.323 on security devices, see the “Fundamentals” volume in the Concepts & Examples ScreenOS Reference Guide.