We're attempting to use an h323 audio application through the Firewall.
The internal client is on a network using "hide"' NAT. The client is
attempting to connect to an external system on the internet which is not
firewalled.
Rules look like:
Source      Destination   Service   Action
-------------------------------------------
Any         Any           h323      Accept
Internal    Any           Any       Accept
Any         FW-1          Any       Drop
We see this in the log:
reject 20004 192.168.2.20 207.213.156.200 tcp 0 20002 firewall reason: tried to open port < 1024, port: tcpmux
reject 20002 207.213.156.200 192.168.2.20 tcp 0 20004 firewall reason: tried to open port < 1024, port: tcpmux
It's being dropped by rule 0 so it's not even going through the rules.
If I remove the h323 service we can connect, but it becomes a one way
conversation where only the remote side can hear the client. The client
cannot hear the remote side of the conversation.
How can we fix this?
Frank Keeney