UCi2i Video Conference Endpoint Firewall Requirements




Confidentiality Statement and Copyright Notice

This document is published as Public and may be freely distributed. Copyright subsists in all UCi2i (UK) Limited publications. No extract may be reproduced, stored in a retrieval system or transmitted in any form or by any means electronic, photocopying, recording or otherwise to any third parties, without prior permission in writing from UCi2i (UK) Limited.

Version Control

Date                  Version   Changes                                    Authorised
28th November 2011    0.1       Draft for review                           TK
3rd March 2012        1.0       Released version                           TK
6th August 2013       1.1       Brand updates                              TK
29th January 2015     2.0       Addition of WebRTC/Browser-based calling   TK
9th February 2015     2.1       Additional IPs added                       TK
16th December 2015    2.2       Changed V-Desk support number (UK)         TK

Contents

UCi2i VC Endpoint Firewall Requirements
    What this means to you
What addresses and ports does video conferencing use?
    UCi2i address ranges
    Complete Firewall Port List
Defined Services Firewall List
    SIP Proxies
    H323: Using Assent Firewall Traversal
    H323: Using H.460.18/19 Firewall Traversal (used by all Polycom/Lifesize devices)
    Browser-based Video Calling (a.k.a. WebRTC)
    Endpoint Management (optional)

UCi2i VC Endpoint Firewall Requirements

Due to the implementation of our secure video network, there are a few firewall rules that may be required depending on your network configuration to allow communication with the UCi2i infrastructure. This is to provide our clients with the best technology on the market.

What this means to you

In order for you and your client to take full advantage of our service, we MAY require you to make some changes to your firewall to allow communication from your current hardware/software to our Firewall Traversal Servers. Please note that many firewalls work without any modification at all.

If you wish to test your firewall before deploying our managed video service, you can test SIP Video functionality by downloading the free video client from https://www.ciscojabbervideo.com and, once installed and logged in, calling test@uci2i.com from the Jabber video client. You should see the following, and hear "Hello, welcome to the conferencing system" followed by a live self-view video of yourself.

Please note the free Cisco Jabber video client has no customer support from Cisco or from UCi2i; however, feel free to let your friends/relatives know about it, and to use it to call them.

What addresses and ports does video conferencing use?

Please see the firewall port requirements below. In order to provide resiliency, we will require you to open ports to multiple addresses.

UCi2i address ranges

91.244.117.67
91.233.183.163
91.244.117.110
91.244.117.116
91.244.117.197
91.244.117.198
91.233.183.167-91.233.183.173
91.233.183.197
91.233.183.198
91.244.117.1 (for endpoint management only)
91.233.183.129 (for endpoint management only)

Complete Firewall Port List

To enable the UCi2i service, a complete list of the ports required is below. Should you require information on the individual protocol requirements, please see the next section for a breakdown of services.

HTTP                     80            TCP       Host ----> UCi2i
HTTPS                    443           TCP       Host ----> UCi2i
Gatekeeper RAS           1719          UDP       Host ----> UCi2i
H.225 Protocol           1720          TCP       Host ----> UCi2i
Signalling/Media (RTP)   2776          TCP+UDP   Host ----> UCi2i
RTCP + H.245             2777          TCP+UDP   Host ----> UCi2i
STUN/TURN Media          3478          UDP       Host ----> UCi2i
SIP Signalling(TCP)      5060          TCP+UDP   Host ----> UCi2i
SIP Signalling(TLS)      5061          TCP       Host ----> UCi2i
Q931/H245 Signalling     33000-39999   TCP       Host ----> UCi2i
Media + Lync             40000-49999   TCP+UDP   Host ----> UCi2i
Media + Lync             40000-54999   UDP       Host ----> UCi2i

Defined Services Firewall List

SIP Proxies

Please ensure that the correct ports are open depending on the video conferencing system you are using. There are different port requirements for SIP depending on what signalling method your system is using. The media requirements are the same regardless of the signalling method.

Note these outbound exceptions are required to establish a UDP/TCP session. There are absolutely no inbound pinholes required.

SIP Signalling(TLS)      5061          TCP       Host ----> UCi2i
SIP Signalling(TCP)      5060          TCP       Host ----> UCi2i
SIP Signalling(UDP)      5060          UDP       Host ----> UCi2i
Media (RTP)              2776          UDP       Host ----> UCi2i
Media (RTCP)             2777          UDP       Host ----> UCi2i
Media                    40000-54999   UDP       Host ----> UCi2i

H323: Using Assent Firewall Traversal

If your video conference system supports Assent traversal, you MAY need to open the ports below in order to register to our firewall traversal server.

Gatekeeper RAS           1719          UDP       Host ----> UCi2i
Call Signalling          2776          TCP       Host ----> UCi2i
Media (RTP)              2776          UDP       Host ----> UCi2i
Media (RTCP)             2777          UDP       Host ----> UCi2i
Q931/H245 Signalling     33000-39999   TCP       Host ----> UCi2i
Media                    40000-54999   UDP       Host ----> UCi2i

H323: Using H.460.18/19 Firewall Traversal (used by all Polycom/Lifesize devices)

If your video conference system is not a Cisco Telepresence device and supports H.460.18/19 firewall traversal, you will need to open the ports below in order to register to our firewall traversal server.

Gatekeeper RAS           1719          UDP       Host ----> UCi2i
H.225 Protocol           1720          TCP       Host ----> UCi2i
H.245 Protocol           2777          TCP       Host ----> UCi2i
Q931/H245 Signalling     33000-39999   TCP       Host ----> UCi2i
Media (RTP)              2776          UDP       Host ----> UCi2i
Media (RTCP)             2777          UDP       Host ----> UCi2i
Media                    40000-54999   UDP       Host ----> UCi2i

Browser-based Video Calling (a.k.a. WebRTC)

We offer browser-based video calling, and all major browsers are supported. This is typically known as WebRTC, but we offer more than that, as WebRTC is limited to Google Chrome, Firefox and Opera. We also provide service to any browser that supports Adobe Flash. To allow this feature to work, the following ports will need to be opened:

STUN/TURN Media          3478          UDP       Host ----> UCi2i
Media                    40000-49999   TCP       Host ----> UCi2i
Media                    40000-49999   UDP       Host ----> UCi2i
HTTP                     80            TCP       Host ----> UCi2i
HTTPS                    443           TCP       Host ----> UCi2i

Endpoint Management (optional)

If you require your video endpoint to be managed by us, we will require an IP address which is accessible over the Internet. This should be a static NAT IP, as we do not recommend placing an endpoint directly on the internet. Please lock down access to the IPs listed above.

Please ensure you have the below ports opened on your firewall to allow for monitoring and management of your video endpoint from our network. You will need to ensure your video endpoint is using an NTP server in order for it to authenticate with our Gatekeeper and for encryption to be active.

HTTP or                  80            TCP       Host <----> UCi2i
HTTPS (preferred)        443           TCP       Host <----> UCi2i
SNMP                     161           UDP       Host <---- UCi2i
SNMP Traps               162           UDP       Host ----> UCi2i
Telnet or                23            TCP       UCi2i ----> Host
SSH (preferred)          22            TCP       UCi2i ----> Host
NTP                      NTP           NTP       NTP

Key

Please see below explanations of the direction column (where applicable):

Direction                Explanation
Host <----> UCi2i        Ports need to be opened inbound and outbound to/from your VC endpoint and UCi2i
Host <---- UCi2i         Ports need to be opened inbound to your VC endpoint from the UCi2i address ranges
Host ----> UCi2i         Ports need to be opened outbound from your VC endpoint to the UCi2i address ranges
UCi2i ----> Host         Ports need to be opened inbound to your VC endpoint from the UCi2i address ranges
Host ---> NTP Server     Ports need to be opened outbound from your VC endpoint to the NTP Server

Finally, if you have any problem, please feel free to call our UCi2i Helpdesk Number: +852-3746-6000 (HK) or +44-844-546-7005 (UK).
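
The Endpoint Management section asks for inbound access to be locked down to the listed UCi2i addresses, and the SIP section states that calling needs no inbound pinholes. The following check of a firewall rule set against both statements is an added example, not part of the UCi2i document: the rule tuple format and the sample rules are constructed, and it assumes management connections may come from any address in the list.

```python
import ipaddress

# UCi2i addresses as listed on the page; the one range is expanded to CIDR blocks.
UCI2I = [ipaddress.ip_network(a) for a in (
    "91.244.117.67", "91.233.183.163", "91.244.117.110", "91.244.117.116",
    "91.244.117.197", "91.244.117.198", "91.233.183.197", "91.233.183.198",
    "91.244.117.1", "91.233.183.129")]
UCI2I += ipaddress.summarize_address_range(
    ipaddress.ip_address("91.233.183.167"), ipaddress.ip_address("91.233.183.173"))

# Inbound ports from the Endpoint Management table (UCi2i towards the endpoint).
MGMT_IN = {("tcp", 22), ("tcp", 23), ("tcp", 80), ("tcp", 443), ("udp", 161)}
# Cleartext options and the alternative the page marks as preferred.
CLEARTEXT = {("tcp", 23): "SSH", ("tcp", 80): "HTTPS"}

def audit(rules):
    """Return (rule number, finding) pairs for inbound rules that are too broad."""
    findings = []
    for n, (direction, proto, lo, hi, peer) in enumerate(rules, 1):
        if direction != "in":
            continue  # outbound-only services need no inbound pinhole
        ports = {(proto, p) for p in range(lo, hi + 1)}
        source = ipaddress.ip_network(peer)
        if not ports <= MGMT_IN:
            findings.append((n, "inbound pinhole outside the management ports"))
        if not any(source.subnet_of(net) for net in UCI2I):
            findings.append((n, "inbound source not limited to UCi2i addresses"))
        for key, better in CLEARTEXT.items():
            if key in ports:
                findings.append((n, f"cleartext management port, page prefers {better}"))
    return findings

# Constructed sample rule set: (direction, protocol, first port, last port, peer).
SAMPLE_RULES = [
    ("out", "udp", 5060, 5060, "91.244.117.67/32"),
    ("in", "tcp", 22, 22, "91.244.117.1/32"),
    ("in", "tcp", 23, 23, "0.0.0.0/0"),
    ("in", "udp", 40000, 54999, "91.233.183.170/32"),
    ("in", "udp", 161, 161, "91.233.183.168/30"),
]

if __name__ == "__main__":
    for number, finding in audit(SAMPLE_RULES):
        print(f"rule {number}: {finding}")
```
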

APAC
t: +852 3746 6001
V-Desk: +852 3746 6000
v/e: vdesk@uci2i.com
21/F, Wyler Centre Phase II
192-200 Tai Lin Pai Road
Kwai Chung, N.T, Hong Kong

EMEA
t: +44 203 841 8555
v/e: vdesk@uci2i.com
6 Mitre Passage
Greenwich Peninsula
London SE10 0ER