You'll need to create a Net2Phone service group and add that to an accept
line. Take a look at the NetMeeting service group object in PolicyManager
4.1 and you'll see the type of group you need to create. Actually creating
the group is a little trickier though. I suggest you e-mail Net2Phone
support and find out what protocols the application looks for and stateful
inspection should ensure that you're not opening holes that are
unnecessary. Alternatively, CheckPoint may have already been asked this by
someone else and they may have the parameters as well. If you can't /
don't want to talk to their support people, you can find out the properties of
the object yourself by putting 2 clients in a lab with each other and doing a
packet capture with a sniffer. Then examine the ports used. You'll
probably be able to use a bunch of existing services in the policy base, but you
may need to define some new services that are more complicated to define as you
need to write in packet matching parameters (take a look at the canned H.323
service to get an idea of what I'm talking about). Bottom line is that
it's much more complicated and requires a high level of understanding of the
application's packets to do this safely yourself and ensure that you're not
opening up holes in your firewall unnecessarily. This is why I recommend
contacting the vendor directly. If anyone out there has the object
contents already, please post them or if you track them down please let us
know. I think it's probably a useful object to have.
Good luck.
Regards,
Scott A. Wozny
Enterasys, NYC
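
The lab-capture step described in the message above, as an added example that is not part of the original post: it reads a classic libpcap file of Ethernet/IPv4 traffic and lists the TCP ports that received a connection-opening SYN and the UDP destination ports seen, which are the candidates for a narrowly scoped service group. The function names, the addresses and the ports 12345 and 23456 are constructed placeholders, not Net2Phone's real parameters.

```python
import struct
from collections import Counter

def services_from_pcap(data):
    """Count (proto, dst_port) for TCP connection openers and UDP datagrams."""
    # Classic pcap only: the magic number tells us the file's byte order.
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack("<I", data[:4])[0])
    if end is None:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only the Ethernet link type is handled")
    seen, off = Counter(), 24
    while off + 16 <= len(data):
        incl = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # too short, or not IPv4
        if struct.unpack("!H", frame[20:22])[0] & 0x1FFF:
            continue  # later fragment: carries no transport header
        proto, l4 = frame[23], frame[14 + (frame[14] & 0x0F) * 4:]
        if proto == 6 and len(l4) >= 14:
            # SYN set and ACK clear marks the opener, so dst port is the
            # listening service and the ephemeral source port is ignored.
            if l4[13] & 0x12 == 0x02:
                seen[("tcp", struct.unpack("!H", l4[2:4])[0])] += 1
        elif proto == 17 and len(l4) >= 8:
            # UDP has no opener flag: every destination port is listed and
            # reply traffic has to be separated by hand.
            seen[("udp", struct.unpack("!H", l4[2:4])[0])] += 1
    return seen

def _frame(proto, sport, dport, flags=0):
    # Constructed sample frame (checksums left at zero), 10.0.0.1 -> 10.0.0.2.
    if proto == 6:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 1024, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4

def sample_pcap():
    # Constructed capture: one TCP handshake plus two UDP datagrams.
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in (_frame(6, 40001, 12345, 0x02), _frame(6, 12345, 40001, 0x12),
              _frame(6, 40001, 12345, 0x10), _frame(17, 40002, 23456),
              _frame(17, 40002, 23456)):
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

To use it on a real lab capture, pass the file's bytes, for example `services_from_pcap(open("lab.pcap", "rb").read())`, where `lab.pcap` is a hypothetical file name.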
