Global Pix 6.3(3) firewall settings for all of your codecs:

Make sure you are not running NAT outside of the PIX. All NAT must be configured on the PIX.
Open the following ports bidirectionally:
21 FTP (allows upgrade of endpoint software) i
23 Telnet (allows support person to connect to endpoint)
80 WWW (allows support person to connect to Polycom web server to remotely manage the endpoint & help troubleshoot)
1718 and 1719 UDP and TCP
1731 TCP bidirectional (audio call control)
3230 - 3247 UDP bidirectional (audio & video)
3230 - 3235 TCP bidirectional (H.245 call control: aka RTCP)

Change the "timeout" or your calls will disconnect in five minutes. We suggest 10 hours to cover day long meetings including lunch break.
Change this line from:
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:30:00
to: (suggestion: copy this line and paste into your configuration)
timeout h323 10:00:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:30:00

Increase the h225 timeout values to at least 10 hours.
Change this line from:
timeout conn 1:00:00 half-closed 0:30:00 udp 0:30:00 rpc 0:10:00 h225 1:00:00
to: (suggestion: copy this line and paste into your configuration)
timeout conn 1:00:00 half-closed 0:30:00 udp 0:30:00 rpc 0:10:00 h225 10:00:00

Individual Pix 6.3(3) firewall settings for each of your codecs:

Create a static route through the firewall (inside to outside IP address). Example: static (inside, outside) 192.150.50.0 10.11.08.50 netmask 255.255.255.255 0 0 Note: substitute the routable IP address used in this example (192.150.50.0) and the private or NAT IP (10.11.08.50) with your IPs. Copy the access list below into your PIX configuration. Polycom is migrating their RAS registation from TCP ports 1718 and 1719 to UDP 1718 and 1719 - we account for both at the current time Cisco's "H323 fixup protocols" are now recommended. Add your static outside IP address in place of the example address 192.150.50.0

fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
access-list INTERNET permit tcp any host 192.150.50.0 eq www
access-list INTERNET permit tcp host 192.150.50.0 any eq www
access-list INTERNET permit udp host 192.150.50.0 any eq 80
access-list INTERNET permit tcp any host 192.150.50.0 eq telnet
access-list INTERNET permit udp any host 192.150.50.0 eq 1718
access-list INTERNET permit udp host 192.150.50.0 any eq 1718
access-list INTERNET permit udp any host 192.150.50.0 eq 1719
access-list INTERNET permit udp host 192.150.50.0 any eq 1719
access-list INTERNET permit tcp any host 192.150.50.0 eq h323
access-list INTERNET permit tcp host 192.150.50.0 any eq h323
access-list INTERNET permit tcp any host 192.150.50.0 eq 1731
access-list INTERNET permit tcp host 192.150.50.0 any eq 1731
access-list INTERNET permit tcp any host 192.150.50.0 range 3230 3235
access-list INTERNET permit tcp host 192.150.50.0 any range 3230 3235
access-list INTERNET permit udp any host 192.150.50.0 range 3230 3247
access-list INTERNET permit udp host 192.150.50.0 any range 3230 3247

The above is for Polycom codecs in particular. Here are Tandberg port requirements. They are mostly the same:

Ports Usage

The first outgoing call uses 5555 for outgoing Q.931 and 5556 for H.245, next uses 5557 for Q.931 and 5558 for H.245, etc. Each incoming H.323 call uses the next available port for H.245. Disconnecting a site in a call will not free up available 55XX ports until the whole conference is down