Chapter 4 - Installing Videoconferencing Systems
© Polycom, Inc. 89
Firewall and NAT Issues
A firewall protects an organization’s network by controlling data
traffic from outside the network. Different types of firewalls use
different techniques to provide network security, but unless the
firewall is designed to work with H.323 videoconferencing
equipment, it will prevent successful videoconferencing because it
is designed to prevent unsolicited data from entering the network.
From a functional perspective, it blocks incoming calls, and it
prevents outgoing calls by blocking the call signalling from the
external endpoint when the two endpoints begin the signal
transaction required to set up the call.
Network Address Translation (NAT) environments use internal IP
addresses for the devices within the network, while using one
external IP address to communicate with the outside world (Wide
Area Network). The NAT router accepts incoming data and forwards
it to the appropriate endpoint. This provides a degree of network
security, because the internal IP addresses cannot be reached
directly from outside the network.
Firewalls and NAT are often used together.
Configuring the System to Operate Behind a Firewall
To make calls through a firewall, you must open the following ports
and assign them to the videoconferencing system:
Table 4-1. Firewall Ports to Open for Videoconferencing
Port                   Used for
389 (TCP)              ILS registration
1503 (TCP)             Microsoft NetMeeting T.120 data sharing
1718 (UDP)             Gatekeeper discovery
1719 (UDP)             Gatekeeper RAS (must be bidirectional)
1720 (TCP)             H.323 call set-up (must be bidirectional)
1731 (TCP)             Audio call control (must be bidirectional)
3230-3235 (TCP/UDP)    Signalling and control for audio, call, video, and data/FECC
3603 (TCP)             Web interface
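One way to check a firewall ruleset against Table 4-1 is shown below. It is an added example, not Polycom code. It assumes the rules are available as iptables-save text, that only explicit destination-port ACCEPT rules in the FORWARD chain count, and that the system's address is the constructed 192.0.2.10; the names REQUIRED, parse_rules and audit are hypothetical.

```python
import re

# Table 4-1 from the page: (first_port, last_port, protocol, must_be_bidirectional)
REQUIRED = [
    (389, 389, "tcp", False), (1503, 1503, "tcp", False),
    (1718, 1718, "udp", False), (1719, 1719, "udp", True),
    (1720, 1720, "tcp", True), (1731, 1731, "tcp", True),
    (3230, 3235, "tcp", False), (3230, 3235, "udp", False),
    (3603, 3603, "tcp", False),
]

# iptables-save style ACCEPT rules in FORWARD, matched on destination port only.
RULE = re.compile(
    r"^-A FORWARD -(?P<dir>[sd]) (?P<ip>[\d.]+)(?:/32)? -p (?P<proto>tcp|udp)"
    r" .*--dports? (?P<ports>[\d:,]+) -j ACCEPT$")

def parse_rules(text, codec_ip):
    """Return {(direction, proto): set of ports} accepted for codec_ip."""
    allowed = {}
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m or m["ip"] != codec_ip:
            continue
        direction = "in" if m["dir"] == "d" else "out"  # -d codec = inbound
        ports = allowed.setdefault((direction, m["proto"]), set())
        for part in m["ports"].split(","):
            lo, _, hi = part.partition(":")  # "3230:3235" is a range
            ports.update(range(int(lo), int(hi or lo) + 1))
    return allowed

def audit(text, codec_ip):
    """Return (first, last, proto, inbound_ok, outbound_ok) for each unmet row."""
    allowed = parse_rules(text, codec_ip)
    gaps = []
    for lo, hi, proto, bidir in REQUIRED:
        need = set(range(lo, hi + 1))
        ok = [need <= allowed.get((d, proto), set()) for d in ("in", "out")]
        # Assumption: rows not marked bidirectional pass if either direction is open.
        if not (all(ok) if bidir else any(ok)):
            gaps.append((lo, hi, proto, ok[0], ok[1]))
    return gaps

# Constructed sample ruleset; 192.0.2.10 is a documentation address for the system.
SAMPLE = """\
-A FORWARD -d 192.0.2.10/32 -p tcp -m multiport --dports 389,1503,1720,1731,3603,3230:3235 -j ACCEPT
-A FORWARD -s 192.0.2.10/32 -p tcp -m tcp --dport 1720 -j ACCEPT
-A FORWARD -d 192.0.2.10/32 -p udp -m multiport --dports 1718,1719,3230:3234 -j ACCEPT
-A FORWARD -s 192.0.2.10/32 -p udp -m udp --dport 1719 -j ACCEPT
"""
```

Calling audit(SAMPLE, "192.0.2.10") flags port 1731 (TCP) as open inbound only and the UDP side of 3230-3235 as incomplete, the two kinds of gap that a quick read of a ruleset tends to miss.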