Well, this is not completely correct anymore. Cisco's CBAC Firewall
Feature Set (and possibly other "stateful" or "dynamic" filters) does do
dynamic state tables and access-lists that allow h.323 sessions that are
established from internal users to come back through the firewall. This
makes it so that there is a block on the external users (via acl)from using
the ports or establishing a session, and when the session is started only
the IPs that were initiated from inside are allowed back through.
There are currently no stateful/dynamic inspections of t.120 however (by any
vendor that I am aware of), thus my question.
heather
-----Original Message-----
From: Pavlichek, Doris (GEIS, GE Capital Consulting)
[mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 16, 1999 3:40 PM
To: Bard, Heather; 'Tammy Torbert'; [EMAIL PROTECTED]
Subject: RE: T.120 Conferencing through a firewall
http://www.shenton.org/~chris/nasa-hq/netmeeting/
Here's the paper....DP
> -----Original Message-----
> From: Bard, Heather [SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, March 16, 1999 1:01 PM
> To: 'Tammy Torbert'; [EMAIL PROTECTED]
> Subject: RE: T.120 Conferencing through a firewall
>
>
> >I will be implementing a firewall solution in a few weeks. I was
> wondering
> what
> >type of security issues allowing T.120 conferencing presents. My
> conferencing
> >system needs port 1503 dynamically opened. Does anyone have any
> information
> >about the risks I may be opening up by having this port opened?
>
> I am interested in this as well. We are doing H.323 and T.120
> implementation testing in our lab (for a very transient system - routers
> shutting down and whole subnets moving), and as of yet have not found any
> firewalls that support T.120 dynamically, thus we are having to statically
> open, through acls with a wide range of IPs, port 1503. So please cc: me
> on
> any information.
>
> Thanks
> Heather Bard
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
