Transcript
Video conference endpoint Firewall Configuration In order to effectively use all the functionality offered by Ubiety, certain network access requirements are needed for user devices (tablets, smartphones, laptops, etc), video (VTC) endpoints and Microsoft Lync Deployments. This is especially important for secured environments that have outbound traffic restriction policies on their networks. This guide assumes standard ports are being used on your unit. Please adjust if customizations have been made. This guide assumes that all outbound IP has been allowed from the video endpoint to the internet for call setup and media traversal to enable calls both to the endpoint and from the endpoint to Ubiety. If you are using an endpoint not listed here, please contact support for help sourcing instructions and testing your endpoint.
General Firewall Configuration for Ubiety In order to effectively use all the functionality offered by Ubiety, certain network access requirements are needed for user devices (tablets, smartphones, laptops, etc), video (VTC) endpoints and Microsoft Lync Deployments. This is especially important for secured environments that have outbound traffic restriction policies on their networks. These are generic rules that will work with the majority of manufacturers and models. We have provided more specific requirements for individual manufacturers if a reduced range of ports specific to your situation are desired.
Type Protocol H.323 TCP/1720
Source 174.36.253.44 208.43.236.162 159.8.240.22
Destination Your endpoint
Comments H.323 Call setup (Q.931 call Setup)
SIP
174.36.253.44 208.43.236.162 159.8.240.22
Your endpoint
SIP TCP (unencrypted) and SIP TLS (encrypted) Call Setup
174.36.253.44 208.43.236.162 159.8.240.22
Your endpoint
RTP Media – audio and video streams Must be bi-directional
TCP/5060-5061
H.323 UDP/1024-65000 SIP
Cisco Telepresence Endpoints (incl. Tandberg) For Cisco Telepresence and Tandberg endpoints, the following firewall configuration is required in your environment. Please ensure endpoints using NAT to access the internet are configured correctly. See here for more details. Type Protocol H.323 TCP/1720
Source 174.36.253.44 208.43.236.162 159.8.240.22
Destination Your endpoint
Comments H.323 Call setup (Q.931 call Setup)
H.323 TCP/15000-19999
174.36.253.44 208.43.236.162 159.8.240.22
Your endpoint
H.323 call setup (Q 931 / H.225 Signaling)
SIP
174.36.253.44 208.43.236.162 159.8.240.22
Your endpoint
SIP TCP (unencrypted) and SIP TLS (encrypted) Call Setup
174.36.253.44 208.43.236.162 159.8.240.22
Your endpoint
RTP Media – audio and video streams Must be bi-directional
TCP/5060-5061
H.323 UDP/50000-54999 SIP
Polycom HDX, VSX + Group Series Endpoints For Polycom HDX, VSX and Group series endpoints, the following firewall configuration is required in your environment. Please ensure endpoints using NAT to access the internet are configured correctly. See here for more details. Type Protocol H.323 TCP/1720
Source 174.36.253.44 208.43.236.162 159.8.240.22
Destination Your endpoint
Comments H.323 Call setup (Q.931 call Setup)
H.323 TCP/3230-3243
174.36.253.44 208.43.236.162 159.8.240.22
Your endpoint
H.323 call setup (Q 931 / H.225 Signaling)
SIP
TCP/5060-5061
174.36.253.44 208.43.236.162 159.8.240.22
Your endpoint
SIP TCP (unencrypted) and SIP TLS (encrypted) Call Setup
H.323 UDP/3230-3285 SIP
174.36.253.44 208.43.236.162 159.8.240.22
Your endpoint
RTP Media – audio and video streams Must be bi-directional
Lifesize Endpoints For Lifesize endpoints, the following firewall configuration is required in your environment. This assumes you do not have a Lifesize Cloud / Clearsea registration. If this is the case, no rules are required, clearsea will perform traversal. Please ensure endpoints using NAT to access the internet are configured correctly. See more here for icon and here for express/team/passport. Type Protocol H.323 TCP/1720
Source 174.36.253.44 208.43.236.162 159.8.240.22
Destination Your endpoint
Comments H.323 Call setup (Q.931 call Setup)
SIP
174.36.253.44 208.43.236.162 159.8.240.22
Your endpoint
SIP TCP (unencrypted) and SIP TLS (encrypted) Call Setup
174.36.253.44 208.43.236.162 159.8.240.22
Your endpoint
RTP Media – audio and video streams Must be bi-directional
TCP/5060-5061
H.323 UDP/ 60000-64999 SIP
Avaya Radvision Endpoints For Radvision Scopia and XT endpoints, the following firewall configuration is required in your environment. Please ensure endpoints using NAT to access the internet are configured correctly. See here for more details. Type Protocol H.323 TCP/1720
Source 174.36.253.44 208.43.236.162 159.8.240.22
Destination Your endpoint
Comments H.323 Call setup (Q.931 call Setup)
H.323 TCP/3230-3248
174.36.253.44 208.43.236.162 159.8.240.22
Your endpoint
H.323 call setup (Q 931 / H.225 Signaling)
SIP
TCP/5060-5061
174.36.253.44 208.43.236.162 159.8.240.22
Your endpoint
SIP TCP (unencrypted) and SIP TLS (encrypted) Call Setup
SIP
TCP/5070
174.36.253.44 208.43.236.162 159.8.240.22
Your endpoint
BFCP - video content (presentation) signaling. Must be bi-directional
174.36.253.44 208.43.236.162 159.8.240.22
Your endpoint
RTP Media – audio and video streams Must be bi-directional
H.323 UDP/3230-3305 SIP
InFocus Mondopad Endpoints For Mondopad endpoints, the following firewall configuration is required in your environment. Note this is not a configuration guide for sharing or annotation features, please see the InFocus guide for more comprehensive details. Please ensure endpoints using NAT to access the internet are configured correctly. See here for more details. Type SIP
Protocol TCP/5060-5061
Source 174.36.253.44 208.43.236.162 159.8.240.22
Destination Your endpoint
Comments SIP TCP (unencrypted) and SIP TLS (encrypted) Call Setup
SIP
UDP/ 25000-35000
174.36.253.44 208.43.236.162 159.8.240.22
Your endpoint
RTP Media – audio and video streams Must be bi-directional
