Polycom RealPresence Ready Firewall Traversal Tips
Polycom RealPresenceReady Firewall TraversalTips
Firewall Traversal Summary In order for your system to communicate with end points inother sites or with your customers the network firewall inall you sites may have to be configured to allow videotraffic There are a few different options to do this: Option 1: Set up the room system in a De Militarized Zone (DMZ) Option 2: Open Firewall Ports to allow incoming and outgoing videotraffic Option 3: Polycom Video Border Proxy (VBP) provides the mostflexible option providing secure traversal for video traffic whileensuring that you experience the highest quality of servicePolycom RealPresence Ready Firewall Traversal Tips 2
HDX Configuration – Step 1Fixed IP for the HDX Main OfficeIP: 130.10.19.1HDX7000Enterprise FirewallIP: 70.202.30.250Allocate a Fixed IPAddress to the HDX –example 130.10.19.1 Using dynamic IPaddress or DHCP couldmake traversalcomplicatedPolycom RealPresence Ready Firewall Traversal Tips 3
HDX Configuration – Step 2Configure 1:1 NAT in HDXMain OfficeIP: 130.10.19.1HDX7000Enterprise FirewallIP: 70.202.30.25070.202.30.250 If the sites do not haveVPN or if Polycom VBPis not installed the HDXmay have to beconfigured for 1:1Network AddressTranslation (NAT) Configure the HDX touse fixed ports Select “Auto” under NATconfiguration System willautomatically detect thepublic IP address anddisplay itPolycom RealPresence Ready Firewall Traversal Tips 4
Firewall Configuration – Option 1Configure Firewall to place the HDX in a DMZMain OfficeMost firewall allow one system inside thefirewall to be placed in the DMZ.DMZ is a firewall configuration that opens allports through the router to a specific computerand places the computer outside of thefirewall. Other devices within the networkremain within the protection of the firewall.IP: 130.10.19.1HDX7000Enterprise FirewallIP: 70.202.30.250If the HDX is configured to be in the DMZ thefirewall automatically routes video traffic to theHDX internal IP addressDMZ option is viable if there is one roomsystem in the sitePolycom RealPresence Ready Firewall Traversal Tips 5
Firewall Configuration – Option 2Configure Firewall to allow video trafficMain OfficeIf the system cannot be put in a DMZ, firewallsallow specific ports to be opened within thefirewall to allow video traffic bi-directionallyIP: 130.10.19.1Following ports must be openedHDX7000Inbound TCP: 1720, 3230 – 3243Enterprise FirewallIP: 70.202.30.250Inbound UDP: 3230 – 3285Outbound TCP: ANYOutbound TCP: ANYPolycom RealPresence Ready Firewall Traversal Tips 6
Firewall Configuration – Option 2Confirm if firewall ports are open Download the free open source port scanner program tocheck if the ports are open p/3511110Polycom RealPresence Ready Firewall Traversal Tips 7
Firewall Configuration – Option 2Disable H.323 aware helpers in the firewallMain OfficeIP: 130.10.19.1Some firewalls are H.323 aware(H.323 is one of the protocols used tosetup calls).HDX7000Enterprise FirewallIP: 70.202.30.250H.323 aware services may block videotraffic. H.323 aware helper servicesmay need to be disabled.Also H.323 fixups or deep packetinspections may also need to bedisabled.Polycom RealPresence Ready Firewall Traversal Tips 8
Polycom VBP – Option 3Most flexible internal B2B configuration Supplement or replacefirewall with Polycom VBPMain Office If the existing firewall iskept then all that needs tobe done is configure DMZto allow VBP to sit in aDMZ or place it in parallelto existing FWm100HDX7000Enterprise FirewallVBP4555ERemote Office 1m100 No need to configure 1:1NAT in HDXHDX6000EnterpriseFirewall End points register toVBP making it easier forthem to communicateVBP200ERemote Office 2m100HDX6000EnterpriseFirewallVBP200ECUSTOMER/ PARTNER SITEOffNet Public IP endpoint VBP prioritizes andshapes traffic optimizingthe experience for videoPolycom RealPresence Ready Firewall Traversal Tips 9
Polycom VBP – Option 3Quick Configuration with VBP - Prefix Routing Call FlowStep 3 – VBP receives callwith destination E.1648315551000 and routes tothe registered endpointVideo SystemE.164: 8315551000VBP 4555Main Office (IP: 12.48.260.1)Step 2 – Prefix 831 matched,VBP routes call to12.48.260.1Office 1 (IP: 12.48.270.1)VBP 4555Video SystemE.164: 5105551000InternetOffice 2 (IP: 12.48.280.1)VBP 200Video SystemE.164: 4085551000Step 1 - User dials 8315551000Polycom RealPresence Ready Firewall Traversal Tips 10
PolyCom VBP – Option 3VBP H.323 Prefix/Neighboring RoutingPolycom RealPresence Ready Firewall Traversal Tips 11
Final StepPlace a test call through Polycom Test systemMain OfficePlace a video call from the HDX using theremote or webIP: 130.10.19.1Type following IP address: 140.242.250.205HDX7000Choose H.323 for the call typeEnterprise FirewallIP: 70.202.30.250If the connections are open you should see a selfrunning video with audio on Polycom solutionsPolycom Test Site140.242.250.205Polycom RealPresence Ready Firewall Traversal Tips 12
DMZ is a firewall configuration that opens all ports through the router to a specific computer and places the computer outside of the firewall. Other devices within the network remain within the protection of the firewall. If the HDX is configured to be in the DMZ the firewall automatically routes video traffic to the HDX internal IP address
Polycom RealPresence Resource Manager 10.0.1 10.0.1 10.0.1 Polycom RealPresence Collaboration Server 8.6.7 8.6.7 8.6.7 Polycom RealPresence Distributed Media ApplicationTM (DMA ) 6.4.1 6.4.1 6.4.1 Polycom RealPresence Access Director 4.2.3 4.2.3 4.2.4_230053 Polycom RealPresenc
Polycom RealPresence Group Series Polycom announces the new release of Polycom RealPresence Group Series system. This document provides the latest information on the following Polycom software: Version 6.2.0.1 of the Polycom RealPresence Group Series system software Version 2.1.0.5 of the Polycom EagleEye Director II camera software
Polycom, Inc. 10 Before You Begin This Polycom RealPresence Trio Solution for Skype for Business User Guide contains overview information for the Polycom RealPresence Trio 8800 audio conferencing system and the Polycom RealPresence Trio Visual content
This guide is for users who want to perform basic to intermediate tasks on the Polycom RealPresence Group Series system with Zoom Connector for Polycom . Please read the RealPresence Group Series documentation before you operate the system. The following related documents for RealPresence Group Series systems are available from Polycom
Polycom Touch Control User Guide, and Polycom RealPresence Group Series with RealPresence Touch User Guide, which describe how to perform video conferencing tasks Setup sheets for your hardware Release notes Polycom RealPresence Group Series Integrator Reference Guide, which provides cable information and API command descriptions Polycom .
Polycom RealPresence Web Suite Administrator Guide. for information on upgrading and migrating settings from your previous installation. Note: Get the latest product information from Polycom Support. To view the latest Polycom product documentation, visit the Polycom RealPresence Web Suite Support page on Polycom Support.
In Polycom Immersive Telepresence Series suites, the video is delivered using two, three, or four independent Polycom HDX codecs. In Polycom RealPr esence Immersive Studio, RealPresence Immersive Studio Flex, and Polycom RealPresence OTX Studio rooms, the video is delivered using three Polycom RealPresence Group Series codecs.
The API commands in this guide are applicable to the Polycom RealPresence Group 300, Polycom RealPresence Group 500, and Polycom RealPresence Group 700 systems.
