Video Meeting Firewall Port Requirements

Jeremiah Barkman -

InFocus SIP and Basic Router supplied by your ISP or Basic Managed Firewall

If you have a basic unmanaged network with a router provided by your ISP, you likely will need to configure nothing. Most firewalls in a standard configuration will allow a stateful connection.

 

InFocus SIP and Government firewalls or heavily restrictive company networks

SIP Ports 5060-5061 TCP/UDP Outbound should be unrestricted.

SIP Port 5060-5061 UDP Inbound left open and/or forwarded to the SIP end point, may result in unsolicited or phantom calls.  

InFocus.net Media Ports Range 25000-35000 UDP Outbound should be unrestricted.

InFocus.net Provisioning HTTPS Port 443 Outbound should be unrestricted.

 

H.323 and Firewalls

H.323 Signaling Port 1720 TCP/UDP Outbound should be unrestricted.

H.323 Media Port Range 1024-65535 UDP Outbound should be unrestricted.

 

H.323 Considerations

H.323 is challenging from behind a NAT. One reason you will find that H.323 devices are set up with public IP addresses is to avoid problems traversing NAT. For the Mondopad this is not a good option because it is a Windows device and a security risk in that configuration. So you will need to employ one of the NAT traversing methods such as H.323 helper, H.323 Fixup, or another depending on the NAT appliance or software you are employing.  The link below is a helpful 3rd party document relating some possible paths to resolve this. Over the past fifteen years there have been many H.332 Video Conferencing systems introduced to the marketplace. Systems that are now end-of-life / end-of-support from the manufacturer are not guaranteed to work with our systems or services.

https://community.jisc.ac.uk/library/janet-services-documentation/nat-firewalls-and-videoconferencing-h323-border-traversals

 

Stateful Firewalls: All of these settings are presented assuming that the firewall is allowing stateful traffic. If for some reason your firewall so locked down so that it doesn’t allow inbound traffic based on the originators outbound path, more detailed configuration will be required.

05-19-2016

 

Have more questions? Submit a request

Comments

Powered by Zendesk