FIREWALL RECOMMENDATIONS & GUIDELINES

OPTION 1

Video system outside the firewall with public IP address:

 Since the video system is outside of the firewall, no configuration in necessary.  We do not recommend this configuration for permanent installations and only recommend it for troubleshooting or demonstration purposes.  While outside the firewall, your system’s web admin interface will be exposed to the Internet and you’ll have an increased exposure to video conferencing SPAM.

Easymeeting does offer a SPAM filter with our Cloud Connect subscription. If you are interested in learning more, please contact sales@easymeeting.net.

OPTION 2

Video system located in a DMZ:

You will need to create a static 1-to-1 NAT policy from the public side of your firewall to the semi-private side of the DMZ.  Some firewalls require you to create an additional policy to translate the semi-private DMZ to the public side of your firewall.

Please reference the table, “H323 Firewall Ports Used for Audio/Video/Data” to get a list of ports you should enable bi-directionally  on your firewall and “Endpoint Settings” below to ensure you’ve enable Static NAT for your video system.

If you’re video system is not listed in the table below, please check with your hardware manufacturer.

OPTION 3

Endpoint located on private network:

 This configuration has the video conferencing endpoint on your private network.  You will need to create a static 1-to-1 NAT policy from the public side of your firewall to the private side of the LAN.  Some firewalls require you to create an additional policy to translate the private LAN to the public side of your firewall.

Please reference the table, “H323 Firewall Ports Used for Audio/Video/Data” to get a list of ports you should enable bi-directionally on your firewall and “Endpoint Settings” below to ensure you’ve enable Static NAT for your video system.

If you’re video system is not listed in the table below, please check with your hardware manufacturer.

OPTION 4

Easymeeting's Cloud Connect Services:

Sometimes, companies don’t have the technical resources to configure complicated firewalls.  With Easymeeting.net’s Cloud Connect, you can seamlessly integrate your video conferencing systems into the Easymeeting Cloud and with other video conferencing devices across the globe. To receive more information about Easymeeting Cloud Connect services, please contact sales@easymeeting.net or visit www.easymeeting.net/cloudconnect.

*Please note, Easymeeting cannot be responsible for the configuration of your firewall/router. This information is intended as a guideline to help you realize all features of the Easymeeting service.

Refer to your system user manual for complete list of ports in use by your specific end point.

WHEN USING OPTIONS 2 & 3, PORT FORWARDING: If your system isn’t listed, or you are unsure how to properly configure your system, please refer to your system user manual or hardware manufacturer for assistance with configuring Static NAT.

Easymeeting TWS video systems

     * Navigate to Settings -> Network -> Firewall
     * Static NAT Traversal = Enabled
     * Public IP Address = [Enter the NAT public IP address]

LifeSize Express series video systems

     * System Menu --> Administrator Preferences --> Network --> NAT
     * Enable Static NAT, and enter the public IP address of the firewall in the "NAT Public IP Address"

Polycom video systems

     * Admin Setup -> Network -> IP Network
     * Fixed Ports: On (checked)
     * NAT Configuration: AUTO or choose MANUAL to enter the address if the system can’t find NAT Public (WAN) address automatically.
     * NAT is H.323 Compatible: Off (not checked)

Radvision XT1000 series video systems

     * Settings -> Network -> Preferences -> Dynamic Ports
     * Auto Detect (TCP) = Disabled
     * Auto Detect (UDP) = Disabled
     * Settings -> Networks -> Preferences -> NAT
     * NAT Traversal = Enabled
     * NAT Discovery = Manual
     * Public IP Address = [Enter the NAT public IP address]

Yealink video systems

     * Navigate to Menu->Advanced->NAT/Firewall
     * NAT Type = Manual
     * Public IP Address = [Enter the NAT public IP address]

ZTE T700 video systems

     * Navigate to Settings -> Network -> Firewall -> H323
     * NAT Mode = Static NAT
     * NAT Address = [Enter the NAT public IP address]

These recommended network guidelines are intended to allow you to obtain the best experience when accessing the Easymeeting services. Video performance and quality of experience is directly related to network performance, should a network link be unreliable or give intermittent performance, this can have the same impact on your video experience.

BANDWIDTH (BI-DIRECTIONAL)

• Minimum bandwidth requirements for Standard Definition (SD) video conferencing, including PC, Mac, and Mobile: 384kbps

• Recommended bandwidth requirements for Standard Definition (SD) video conferencing, including PC, Mac, and Mobile : 768kbps

• Minimum bandwidth requirements for High Definition (HD) video conferencing, including PC, Mac, and Mobile: 1024kbps

• Recommended bandwidth requirements for High Definition (HD) video conferencing, including PC, Mac, and Mobile: 1536kbps

PACKET LOSS

Packet loss should be less than 1%.  Anything higher will result in pixelated images within the video call; “video artifacts” as we like to call them. 1% is noticeable while 5% is intolerable.

NETWORK DUPLEX MODE

Set the switchport and the video conference system to full duplex. Duplex mismatch is the number one cause of packet loss and video freezing.

LATENCY (DELAY)

Intermediate routers may prioritize the video and audio packet sizes differently, creating differing transit times.  In severe cases, audio and video packets become out of sync, resulting in video motion not “lining up” with audio spoken in a video call.

• 0 – 150 ms : recommended

• 150 – 299 ms : acceptable

• 300 – 400 ms : not recommended

• 400 ms : unacceptable

JITTER

The term 'jitter' refers to the variation in timing of the picture as packets are received, buffered, and distributed to the screen as the available bandwidth changes. An increase in jitter caused by an underpowered network connection can cause “skipping” or “freezing” of a picture.  It is recommended to have jitter below 20 milliseconds.

QUALITY OF SERVICE

Quality of Service (QoS) maps or tags certain traffic with varying degrees of priority.  If  you wish to implement QoS for the voice and video applications with your network, please ensure they are tagged for the highest priority configurable.  Please be aware that QoS doesn’t work over the public Internet to the Easymeeting services.

APPLICATION LAYER GATEWAY, H.323 PROXY OR OTHER “FIREWALL-HELPERS“

Most firewalls have an application filter making H.323 easier to work with and they all go by different names, depending on the vendor.  In most environments, it’s HIGHLY recommended they are disabled.