Configure The System For Use With A Firewall Or Nat - Polycom RealPresence Group 550 Administrator's Manual

Administrator's Guide for the Polycom RealPresence Group Series

Configure the System for Use with a Firewall or NAT

A firewall protects an organization's IP network by controlling data traffic from outside the network. Unless
the firewall is designed to work with H.323 video conferencing equipment, you must configure the system
and the firewall to allow video conferencing traffic to pass in and out of the network.
Network Address Translation (NAT) network environments use private internal IP addresses for devices
within the network, while using one external IP address to allow devices on the LAN to communicate with
other devices outside the LAN. If your system is connected to a LAN that uses a NAT, you will need to enter
the NAT Public (WAN) Address so that your system can communicate outside the LAN.
To set up the system to work with a firewall or NAT:
1 In the web interface, go to Admin Settings > Network > IP Network > Firewall.
2 Configure these settings.
Setting
Fixed Ports
TCP Ports
UDP Ports
Enable H.460 Firewall
Traversal
NAT
Polycom, Inc.
Description
Lets you specify whether to define the TCP and UDP ports.
• If the firewall is not H.323 compatible, enable this setting. The RealPresence Group
system assigns a range of ports starting with the TCP and UDP ports you specify. The
system defaults to a range beginning with port 3230 for both TCP and UDP.
Note: You must open the corresponding ports in the firewall. For H.323, you must
also open the firewall's TCP port 1720; for SIP you must open either UDP port 5060,
TCP 5060, or TCP 5061 depending on whether you are using UDP, TCP, or TLS as
the SIP transport protocol.
• If the firewall is H.323 compatible or the system is not behind a firewall, disable this
setting.
For IP H.323 you need 2 TCP and 8 UDP ports per connection. For SIP you need TCP
port 5060 and 8 UDP ports per connection.
Note: Because RealPresence Group systems support ICE, the range of fixed UDP
ports is 112. The RealPresence Group system cycles through the available ports from
call to call. After the system restarts, the first call begins with the first port number, either
49152 or 3230. Subsequent calls start with the last port used, for example, the first call
uses ports 3230 to 3236, the second call uses ports 3236 to 3242, the third call uses
ports 3242 through 3248, and so on.
Specifies the beginning value for the range of TCP and UDP ports used by the system.
The system automatically sets the range of ports based on the beginning value you set.
Note: You must also open the firewall's TCP port 1720 to allow H.323 traffic.
Allows the system to use H.460-based firewall traversal for IP calls. For more
information, refer to H.460 NAT Firewall Traversal
Specifies whether the system should determine the NAT Public WAN Address
automatically.
• If the system is not behind a NAT or is connected to the IP network through a Virtual
Private Network (VPN), select Off.
• If the system is behind a NAT that allows HTTP traffic, select Auto.
• If the system is behind a NAT that does not allow HTTP traffic, select Manual.
on page 47.
Networks
46