great service and discount prices on Polycom videoconferencing equipment and services

discount pricing and great service on Polycom video conferencing equipment and services
Video Conferencing Equipment and Services
     Home ] Contents ] Catalog ] Customer Service ] Search ]

How is a firewall configured for ViaVideo videoconferencing?

Configuration 1: DMZ setup for ViaVideo. One strategy is to put  the PC that has the ViaVideo in the DMZ, i.e. outside the firewall on the router.

For the d-link routers, here are the configuration steps:

Step 1     Open a web browser such as Internet Explorer and enter the IP address of your router (e.g. 192.168.0.1). Enter username (e.g. a default is admin) and your password (e.g. a default is blank).

Step 2     DMZ setup. Click on the Advanced tab and then the DMZ button on the left. Enter the local private IP address of the PC that's going to be put in the DMZ, and then click enable.

You can find private local IP address by using Network Connection in Windows or in ViaVideo you can see it the bottom on the ViaVideo Window or click on Settings/Network.

Now ViaVideo can send and receive video calls from any other Polycom or d-link DVC-1000 video endpoint.

A drawback with this DMZ configuration is that the PC is exposed on the public internet.   This configuration adds a security risk for your PC.

A second drawback is that people cannot dial into your ViaVideo since the router does not send the call setup to the address in the DMZ.

The Windows XP firewall can remain on. This provides security for your PC.

Configuration 2: d-link Router Firewall setup for ViaVideo. This strategy is to put  the PC that has the ViaVideo behind  the firewall on the router and then forward the required ports to the ViaVideo endpoint.

Most D-Link routers now support a Virtual Server feature that allows easy one-click configuration of the DVC-1000. This setting also works for ViaVideo and PVX software. You will not need to manually configure the ports. Upgrading your router to the latest firmware might be necessary to support this feature. If you have other routers or you are having difficulty, please read the user manual information to learn how to open ports on routers (port forwarding).

For the d-link routers, here are the configuration steps:

Step 1     Open a web browser such as Internet Explorer and enter the IP address of your router (e.g. 192.168.0.1). Enter username (e.g. a default is admin) and your password (e.g. a default is blank).

Step 2     One Click Virtual Server setup. Click on the Advanced tab and then the Virtual Server button on the left. This brings up the Virtual Server window.

Look in the Virtual Servers List for an entry called  i2eye or DVC-1000. Click on the edit icon (a page and pencil) to highlight it in yellow. At the top of the page then enter the private IP address for the video conferencing endpoint (e.g. 192.168.0.116). Under Protocol, select TCP. In the private port box, enter 1720. In the public port box, enter 1720. Click Always or set a schedule. Click Apply and then Continue.

This step assigns port 1720 to the video endpoint.

Click on the Advanced tab and then the Firewall button on the left. Now you should see the correct d-link ports assigned to the video endpoint (i.e. 1720 (TCP) and ports 15328-15333 (TCP and UDP) assigned to the endpoint 192.168.0.116).

With just this setting you should be able to dial outbound calls and receive in bound calls.

Notes: 

  • If the local private IP address for the video endpoint changes (because of a network change or because DHCP assigns a new IP address), then you need to modify the port forwarding by repeating steps 1 and 2 again.
  • if the DMZ is enabled and assigned to another port different to the video end-point, then black/blue screen results on the local endpoint. Solution: disable the DMZ feature or assign it to the DVC-1000 video end-point. Restart the DVC-1000.
  • NetMeeting users: According to d-link, NetMeeting and the H.323 cannot co-exist behind the same router simultaneously? If you want to use NetMeeting AND the H.323 behind the same router at different times, skip to step 3. You will need to disable the NetMeeting entry while you are using the H.323 and disable the H.323 entries (created in steps 5 and 6) while using NetMeeting. Look in the Virtual Servers List for an entry called NetMeeting. Click on the trash can to the right and delete this entry. If you do not have this entry, continue to the next step.

  • Known Issues: 2005/4 - Audio quality between a ViaVideo and a d-link DVC-1000 is not good  . . .perhaps because of the different Audio protocols used at each end point. Audio quality between two ViaVideo and between ViaVideo and Viewstations is good. Audio quality is good between two DVC-1000's, and between DVC-1000's and ViewStations.

  • For various ViaVideo installations, you may need to manually forward some or all of the following ports in your firewall and assign them to the videoconferencing endpoint:
    • Port 389 (TCP): For ILS registration
    • Port 1503 (TCP): Microsoft NetMeeting T.120 data sharing
    • Port 1718 (UDP): Gatekeeper discovery
    • Port 1719 (UDP): Gatekeeper RAS (Must be bi-directional)
    • Port 1720 (TCP) H.323 Call setup (Must be bi-directional)  - required.
    • Port 1731 (TCP): Audio call control (Must be bi-directional)
    • Ports 3230-3235 (TCP/UDP): 6 ports for signaling and control for audio, call, video and data/FECC -
      the dynamic ports used by the d-link i2eye -       15328-15333 (TCP and UDP)  also work - one or both required.
    • Port 3603 (TCP): ViaVideo Web interface

  • Polycom Knowledgebase Answers and Questions - ViaVideo firewalls

04/01/2005

Up ] d-link ] [ viavideo ] port forwarding ]



For more information, contact 1 PC Network Inc. 
Phone  800-965-8499 or 949-675-9588 or Fax 801-760-0210 or 949-675-9599 or e-mail  info@1pcn.com.

Copyright © 1997-2006      1 PC Network Inc.  All rights reserved. Web Site: www.1pcn.com