Source-Connect Network Configuration Last updated May 2009



Similar documents
MINIMUM NETWORK REQUIREMENTS 1. REQUIREMENTS SUMMARY... 1

Firewall Defaults and Some Basic Rules

Polycom. RealPresence Ready Firewall Traversal Tips

Firewall Firewall August, 2003

PowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Firewall Defaults, Public Server Rule, and Secondary WAN IP Address

BroadCloud PBX Customer Minimum Requirements

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN

Network Configuration Settings

Chapter 3 Security and Firewall Protection

Chapter 3 LAN Configuration

Digi Connect WAN Application Helper NAT, GRE, ESP and TCP/UPD Forwarding and IP Filtering

Chapter 11 Cloud Application Development

Chapter 8 Router and Network Management

About Firewall Protection

Accessing Remote Devices via the LAN-Cell 2

Chapter 4 Firewall Protection and Content Filtering

Appendix C Network Planning for Dual WAN Ports

UIP1868P User Interface Guide

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

Barracuda Link Balancer

Chapter 12 Supporting Network Address Translation (NAT)

Firewall VPN Router. Quick Installation Guide M73-APO09-380

Barracuda Link Balancer Administrator s Guide

Creating a VPN with overlapping subnets

ASA/PIX: Load balancing between two ISP - options

Protecting the Home Network (Firewall)

Multi-Homing Dual WAN Firewall Router

Smart Tips. Enabling WAN Load Balancing. Key Features. Network Diagram. Overview. Featured Products. WAN Failover. Enabling WAN Load Balancing Page 1

Technical Support Information

Funkwerk UTM Release Notes (english)

Chapter 2 Connecting the FVX538 to the Internet

IP Ports and Protocols used by H.323 Devices

Firewalls. Chapter 3

Crossing firewalls. Liane Tarouco Leandro Bertholdo RNP POP/RS. Firewalls block H.323 ports

Application Notes for Configuring a SonicWALL VPN with an Avaya IP Telephony Infrastructure - Issue 1.0

Using Remote Desktop Software with the LAN-Cell

How Your Computer Accesses the Internet through your Wi-Fi for Boats Router

Internet Protocol: IP packet headers. vendredi 18 octobre 13

Chapter 7 Troubleshooting

TalkShow Advanced Network Tips

nexvortex Setup Guide

Proxies. Chapter 4. Network & Security Gildas Avoine

CSCE 465 Computer & Network Security

Fireware Essentials Exam Study Guide

Chapter 4 Firewall Protection and Content Filtering

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding

ADTRAN 3120 / 3130 Internet Configuration Guide

ICS 351: Today's plan. IP addresses Network Address Translation Dynamic Host Configuration Protocol Small Office / Home Office configuration

White Paper. Traversing Firewalls with Video over IP: Issues and Solutions

vcloud Air - Virtual Private Cloud OnDemand Networking Guide

Multi-Homing Security Gateway

We will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall

Computer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1

Many network and firewall administrators consider the network firewall at the network edge as their primary defense against all network woes.

HD-XE1 HD-EP10 HD-E1. Ethernet Connection Quick Setup Guide

Hosting more than one FortiOS instance on. VLANs. 1. Network topology

Broadband Phone Gateway BPG510 Technical Users Guide

Securing Networks with PIX and ASA

NAT (Network Address Translation)

Internet Security Firewalls

Load Balancer LB-2. User s Guide

athenahealth Interface Connectivity SSH Implementation Guide

Chapter 4 Security and Firewall Protection

Com.X Router/Firewall Module. Use Cases. White Paper. Version 1.0, 21 May Far South Networks

SonicOS 5.9 / / 6.2 Log Events Reference Guide with Enhanced Logging

Lab Configure and Test Advanced Protocol Handling on the Cisco PIX Security Appliance

What communication protocols are used to discover Tesira servers on a network?

Chapter 3 Connecting the Router to the Internet

SwiftBroadband and IP data connections

IP Filtering for Patton RAS Products

VMware vcloud Air Networking Guide

Galileo International. Firewall & Proxy Specifications

Innominate mguard Version 6

CSE331: Introduction to Networks and Security. Lecture 12 Fall 2006

Security. TestOut Modules

Firewalls P+S Linux Router & Firewall 2013

Figure 41-1 IP Filter Rules

Using Remote Desktop Software with the LAN-Cell 3

BR Load Balancing Router. Manual

Table of Contents. Cisco Blocking Peer to Peer File Sharing Programs with the PIX Firewall

Configuring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA

NETASQ MIGRATING FROM V8 TO V9

21.4 Network Address Translation (NAT) NAT concept

Network Defense Tools

Configure a Microsoft Windows Workstation Internal IP Stateful Firewall

Initial Access and Basic IPv4 Internet Configuration

Chapter 4 Customizing Your Network Settings

If you have questions or find errors in the guide, please, contact us under the following address:

Load Balancing Router. User s Guide

Firewalls. Ingress Filtering. Ingress Filtering. Network Security. Firewalls. Access lists Ingress filtering. Egress filtering NAT

Network Address Translation (NAT)

This Technical Support Note shows the different options available in the Firewall menu of the ADTRAN OS Web GUI.

How To. Instreamer to Exstreamer connection. Project Name: Document Type: Document Revision: Instreamer to Exstreamer connection. How To 1.

FIREWALLS & CBAC. philip.heimer@hh.se

Overview - Using ADAMS With a Firewall

Video Conferencing and Firewalls

Prepare your IP network for HD video conferencing

Transcription:

Source-Connect Network Configuration Last updated May 2009 For further support: Chicago: +1 312 706 5555 London: +44 20 7193 3700 support@source-elements.com This document is designed to assist IT/Network administrators to configure your network to allow Source-Connect traffic in and out of your NAT or firewall protected network. It discussed Source-Connect and the supporting Q Manager service. This document covers: Notes Required Network Configuration Source-Connect / Q Manager Network overview Using other UDP port numbers How Source-Connect determines its network status Common issues: Connection Test: port not mapped or failed Connection Test 'successful however not able to connect with other users Ports unable to be allowed due to company rules. Anti-Virus is installed (generally Windows-only issue) Notes: 1. 'local' means the internal static IP of the Pro Tools machine, e.g. 192.168.1.5, where the machine is behind NAT. If the Pro Tools machine is on DHCP, you should provide the machine with a static NAT IP first. 2. Source-Connect and the supporting Q Manager application establish two TCP connections, to source-elements.com on TCP ports 80 and 5222, using both HTTP and HTTPS. These connections must be allowed by the firewall or Source-Connect will return error #120 (connection to source-elements:80 not allowed) or #125 (connection to sourceelements:5222 not allowed). Generally these connections are allowed by default except under the most strict circumstances. You will only need to make changes to your TCP firewall rules if you get error #120 or #125 on logging in to Source-Connect. 3. If you are analyzing network activity you may also note activity to your UDP port 5000. This can be ignored as it is conducting secondary network tests to enable operation of Source-Connect under less strict networks. 4. Source Elements software does not support any type of proxy at this time. It is important that the computer's public IP is the same IP that Source-Connect will send the UDP traffic to. 1

Required Network Configuration: 1. Either allow all outbound UDP ports, or allow outbound UDP connections to certain IPs as needed. Allow TCP connections to and from source-elements.com:80 and sourceelements.com:5222 (generally this is allowed by default). 2. Port forward/map the following UDP ports to the local IP: 6000-6002 If the user has Source-Connect Pro, the above ports may be modified to preferred ports, between 1024 and 65535. The ports must be an even number plus the two ports immediately following, e.g. 10060-10062 or 25985-25988. Source-Connect will use ports 6000-6001 (or the first 2 UDP ports you choose) and the Q Manager should be configured to use 6002 or the third UDP port you choose). 3. Ensure the firewall has been specified to allow inbound access on the three selected UDP ports. Once you have done this, you can log in. Then, to check that your UDP ports are not firewalled and are mapped to your local IP, the status panel has a port status message. If the test comes back 'successful' (Pro) or 'open' (Standard), it means that the sourceelements.com server is able to send and receive the UDP traffic. If you get 'port not mapped' it means that there is either a firewall or there is incorrect or absent port mappings for the UDP ports. If you get 'failed' then there is a firewall active on those ports for your local IP and/or your connection is going through multiple routers. Source-Connect is peer to peer, and for the connection test to return successful you will need to allow outbound/inbound UDP from source-elements.com. Note that this rule is not necessarily required for successful operation of Source-Connect, it simply allows the user to be assured that the network is properly functioning. As long as the IP address of the connection partner you wish to use is enabled then Source-Connect will function as expected. Note that we do not recommend setting your firewall rules to allow only to certain IP addresses. The IP of the source-elements.com server may change at any time. See the appendix for a list of current DNS and IP settings. This list is subject to change at anytime, however we will endeavor to provide 30 days notice. 2

Source-Connect Network Overview Source-Connect transfers a real-time, high-quality audio stream between remote locations via the UDP protocol. UDP is used in order to allow low delay communication, and thus relies on direct or unfirewalled network access to UDP ports. Generally, the machine running Source-Connect is on a private network address (behind NAT, or Network Address Translation). UDP is unable to independently negotiate NAT, so the network (secured by a router and/or firewall) must generally be configured with specific Port Mapping (or Port Forwarding) rules. If for some reason Port Mapping is not possible, e.g. the user has no administration access to the network, Source-Connect will attempt to negotiate the network. Negotiation, if possible at all, is much slower to connect and can create unwelcome delays and data loss because the UDP data must traverse an unknown and possibly temporarily available path. And, when this negotiation attempt simply attempt fails, the user cannot receive the audio stream. In addition, if the ports are not mapped Quality of Service rules cannot be applied. Therefore, we recommend to all users that in a permanent studio situation they administer the network appropriately to allow proper UDP port mapping. Q Manager Network Overview The Q Manager will by default also use UDP as it's transfer mechanism in a similar manner to Source-Connect Pro, however the volume of data is generally much lower as it is used to transfer only data that may have been lost during the Source-Connect recording session. The Q Manager is also configurable to use FTP instead of UDP. See the Q Manager guide in the Source-Connect manual for assistance on this matter or contact Support. Using other UDP port numbers: Source-Connect allows the user to specify a particular set of UDP ports. First, the user must configure their internal network settings to connect via a static IP, rather than DHCP, and then configure port mapping on the router. For example, the user configures the router to forward all incoming UDP data on ports 6000 and 6002 to their internal IP address, and enters the number 6000 in the Settings Panel of Source-Connect. (Ports may be any even number between 1024 65534 and this number plus two) 3

How Source-Connect logs in and determines its network status 1. Source-Connect first determines the internal(private/local) and external (public) IP addresses. The external IP address is determined by sending an HTTP request to a remote application on our server, source-elements.com:80. 2. A connection is now established with source-elements.com:5222. This is a persistent connection and will remain open for the duration of the Source-Connect session. If this connection is broken Source-Connect will respond with an error and log the user out. 3. Source-Connect determines the port mapping status by sending an HTTP request to our source-elements.com to begin forwarding a series of test UDP packets to the specified ports (e.g 6000, 6001, 6002) on the determined IP address. If Source-Connect receives these test UDP packets, it knows that port mapping is enabled, and will use these ports for the incoming audio stream. If Source-Connect does not receive any of the UDP packets, it will time-out and inform the user that the test has either returned 'port not mapped' or 'failed'. In the case of 'port not mapped', Source-Connect may have detected an alternative method of connecting and it is still possible that the user will receive an incoming stream. Usually an outgoing stream is still possible in this case. If 'failed' it is highly unlikely that there will be sent or received audio. Common issues: Connection Test: port not mapped or failed The user is able to properly configure their network for UDP port mapping however the connection test does not return successfully. Possible causes: - The user s ISP will filter HTTP traffic on port 80 - The user is behind a HTTP proxy - All TCP and/or UDP ports are firewalled - The ISP is using a caching server for UDP traffic In these cases Source-Connect will not be able to determine the user s public IP address, and the test UDP packets will be lost within the ISP s network. The test will not return successful, and the secondary, less reliable methods will be used where possible. 4

Common issues: successful however not able to connect with other users The user has successful or open for the port status, however no connections are possible with other users. In this case the receive light on the Status panel will not be blinking and no audio signal is received. Possible causes: - The network is blocking *all* incoming traffic on UDP ports except from sourceelements.com (hence the successful connection test) - A local firewall is on the machine Common issues: Ports unable to be allowed due to company rules. In many cases under a corporate network the UDP ports cannot be fully opened. In this case you have several options: 1. Obtain the IP address of the connecting user and allow inbound traffic from this IP address. This IP address should ideally be static (as provided by the ISP) so it does not change for your next session. You can contact Support for testing as we have a static IP available. 2. Install a second internet connection, e.g. consumer-strength cable or DSL. This method works very well, especially if the line is dedicated to Source-Connect, and will ensure all traffic is completely separate from the corporate network. 3. Use any VPN connection, e.g. IPSEC or PPTP. This works extremely well and can be configured in various ways for usability. Contact our Support team for advice. 4. Windows-only systems may choose to use a service like Hamachi, which is supported by Source-Connect Pro. Common issues: Anti-Virus is installed Generally this is a Windows-only issue. Source-Connect may be considered by some AV software as being a threat and the AV software will not allow the inbound connection. Either configure your AV software to allow Source-Connect and Q Manager connections, or disable the AV software during use. 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information