Re: H.323

[Paul Howell <grue () merit edu>]

Intel has a paper about firewalls and H.323 at
http://www.intel.com/support/videophone/trial21/h323_wpr.htm

The paper starts out:
"This document is intended for implementers - both firewall developers planning 
to implement H.323 support and H.323 application developers planning to add 
proxy support to their products. With two audiences holding vastly different
perspectives and experiences, this paper will often seem to explain the 
patently obvious (perhaps glossing over some important details). Please accept 
our apologies up front and bear with us; there is important new information 
for both groups."

< paul



"Joseph Pung" writes:
> Hi,
>
> I am interested in obtaining "lessons learned" from those of you who may
>  have implemented H.323 (especially if you used NetMeeting).  Specifically, I 
> am interested in the following:
>
> 1. Does your firewall support H.323 via an application proxy?
> 2. If so, WRT "dynamic port allocation", how exactly does your firewall
>      handle the process?
> 3.  What type of firewall do you have (circuit, stateful filtering, etc)?
> 4.  Any security issues?  Note, H.323 v2 has enhanced security to include 
>      authentication, integrity, privacy, and non-repudiation, although we may 
>      be using NetMeeting... In reviewing last year's thread (Jun-Sep), I saw a 
>     concern about the "shared application execution facility enabling remote 
>     users to execute unintended program on other participant's workstations" 
>     but I never really saw anything specific. 
> 5.  Any performance issues (relative to the amount of bandwidth made available 
>      for H.323)? 
> 6.  What would you have done differently? 7.  What did you do that 
>     you were glad you did?
>
> I will post a summary to the list, so if you reply off-line I will not use your 
> name, unless you specifically grant me permission.
>
> Thanks,
>
> Joe