If you are using a Firewall Traversal go to this page
BEFORE WE START
When configuring a video conferencing system, please ensure any H.323 protocol inspection engines are disabled. This includes, but is not limited to, H.323, H.245, H.239 and H.225 inspection. Having these protocol inspection engines enabled usually causes more problems than good, often resulting in significant packet loss. Please check with your firewall manufacturer on how you can disable H.323 inspection.
Also ensure that you don't have any pre-existing rules or services that may conflict with the recommendations given below. We suggest that new, bi-directional rules for the ports listed below are created and clearly indicated for future reference.*
For firewall information regarding your web browser or Easymeeting Desktop, please read our helpdesk article: Our company is behind a very strict firewall, can I still join using my web browser (WebRTC) or Easymeeting Desktop?
THE FOLLOWING OPTIONS EXIST, PLEASE PICK ONE:
Since the video system is outside of the firewall, no configuration in necessary. We do not recommend this configuration for permanent installations and only recommend it for troubleshooting or demonstration purposes. While outside the firewall, your system’s web admin interface will be exposed to the Internet and you’ll have an increased exposure to video conferencing SPAM.
Easymeeting does offer a SPAM filter with our Cloud Connect subscription. If you are interested in learning more, please contact sales@easymeeting.net.
You will need to create a static 1-to-1 NAT policy from the public side of your firewall to the semi-private side of the DMZ. Some firewalls require you to create an additional policy to translate the semi-private DMZ to the public side of your firewall.
Please reference the table, “H323 Firewall Ports Used for Audio/Video/Data” to get a list of ports you should enable bi-directionally on your firewall and “Endpoint Settings” below to ensure you’ve enable Static NAT for your video system.
If you’re video system is not listed in the table below, please check with your hardware manufacturer.
This configuration has the video conferencing endpoint on your private network. You will need to create a static 1-to-1 NAT policy from the public side of your firewall to the private side of the LAN. Some firewalls require you to create an additional policy to translate the private LAN to the public side of your firewall.
Please reference the table, “H323 Firewall Ports Used for Audio/Video/Data” to get a list of ports you should enable bi-directionally on your firewall and “Endpoint Settings” below to ensure you’ve enable Static NAT for your video system.
If you’re video system is not listed in the table below, please check with your hardware manufacturer.
OPTION 4
Easymeeting's Cloud Connect Services:
Sometimes, companies don’t have the technical resources to configure complicated firewalls. With Easymeeting.net’s Cloud Connect, you can seamlessly integrate your video conferencing systems into the Easymeeting Cloud and with other video conferencing devices across the globe. To receive more information about Easymeeting Cloud Connect services, please contact sales@easymeeting.net or visit www.easymeeting.net/cloudconnect.
*Please note, Easymeeting cannot be responsible for the configuration of your firewall/router. This information is intended as a guideline to help you realize all features of the Easymeeting service.
Refer to your system user manual for complete list of ports in use by your specific end point.
System | TCP | UDP |
---|---|---|
All systems | 80 & 443 (Remote management - Optional) 1720 (H.323 call setup) |
1719 (Gatekeeper registration) |
Cisco | 5555-5574 (audio/video/data) | 2326-2485 (audio/video/data) |
LifeSize | 60000-64999 (audio/video/data) | 60000-64999 (audio/video/data) |
Polycom (when configured with "fixed ports") |
3230-3243 (audio/video/data) 21 (for software updates) |
3230-3290 (audio/video/data) |
Radvision (when configured with "fixed ports") |
3230 - 3242 (audio/video/data) | 3230 - 3287 (audio/video/data) |
Sony | 2253-2255 (audio/video/data) | 49152-49239 (audio/video/data) |
Tandberg | 5555 - 5574 (audio/video/data) 21 (software update) |
2326 - 2385 (audio/video/data) (2326 - 2485 for internal multipoint units) |
TWS | 3230 - 3280 (audio/video/data) | 3230 - 3280 (audio/video/data) |
Yealink | 30000 - 39999 50000 - 50499 (audio/video/data) |
30000 - 39999 50000 - 50499 (audio/video/data) |
ZTE | 3230 - 3280 (audio/video/data) | 3230 - 3280 (audio/video/data) |
WHEN USING OPTIONS 2 & 3, PORT FORWARDING: If your system isn’t listed, or you are unsure how to properly configure your system, please refer to your system user manual or hardware manufacturer for assistance with configuring Static NAT.
Easymeeting TWS video systems
* Navigate to Settings -> Network -> Firewall
* Static NAT Traversal = Enabled
* Public IP Address = [Enter the NAT public IP address]
LifeSize Express series video systems
* System Menu --> Administrator Preferences --> Network --> NAT
* Enable Static NAT, and enter the public IP address of the firewall in the "NAT Public IP Address"
Polycom video systems
* Admin Setup -> Network -> IP Network
* Fixed Ports: On (checked)
* NAT Configuration: AUTO or choose MANUAL to enter the address if the system can’t find NAT Public (WAN) address automatically.
* NAT is H.323 Compatible: Off (not checked)
Radvision XT1000 series video systems
* Settings -> Network -> Preferences -> Dynamic Ports
* Auto Detect (TCP) = Disabled
* Auto Detect (UDP) = Disabled
* Settings -> Networks -> Preferences -> NAT
* NAT Traversal = Enabled
* NAT Discovery = Manual
* Public IP Address = [Enter the NAT public IP address]
Yealink video systems
* Navigate to Menu->Advanced->NAT/Firewall
* NAT Type = Manual
* Public IP Address = [Enter the NAT public IP address]
ZTE T700 video systems
* Navigate to Settings -> Network -> Firewall -> H323
* NAT Mode = Static NAT
* NAT Address = [Enter the NAT public IP address]
NETWORK GUIDELINES
These recommended network guidelines are intended to allow you to obtain the best experience when accessing the Easymeeting services. Video performance and quality of experience is directly related to network performance, should a network link be unreliable or give intermittent performance, this can have the same impact on your video experience.
BANDWIDTH (BI-DIRECTIONAL)
-
Minimum bandwidth requirements for Standard Definition (SD) video conferencing, including PC, Mac, and Mobile: 384kbps
-
Recommended bandwidth requirements for Standard Definition (SD) video conferencing, including PC, Mac, and Mobile : 768kbps
-
Minimum bandwidth requirements for High Definition (HD) video conferencing, including PC, Mac, and Mobile: 1024kbps
- Recommended bandwidth requirements for High Definition (HD) video conferencing, including PC, Mac, and Mobile: 1536kbps
PACKET LOSS
Packet loss should be less than 1%. Anything higher will result in pixelated images within the video call; “video artifacts” as we like to call them. 1% is noticeable while 5% is intolerable.
NETWORK DUPLEX MODE
Set the switchport and the video conference system to full duplex. Duplex mismatch is the number one cause of packet loss and video freezing.
LATENCY (DELAY)
Intermediate routers may prioritize the video and audio packet sizes differently, creating differing transit times. In severe cases, audio and video packets become out of sync, resulting in video motion not “lining up” with audio spoken in a video call.
-
0 – 150 ms : recommended
-
150 – 299 ms : acceptable
-
300 – 400 ms : not recommended
-
400 ms : unacceptable
JITTER
The term 'jitter' refers to the variation in timing of the picture as packets are received, buffered, and distributed to the screen as the available bandwidth changes. An increase in jitter caused by an underpowered network connection can cause “skipping” or “freezing” of a picture. It is recommended to have jitter below 20 milliseconds.
QUALITY OF SERVICE
Quality of Service (QoS) maps or tags certain traffic with varying degrees of priority. If you wish to implement QoS for the voice and video applications with your network, please ensure they are tagged for the highest priority configurable. Please be aware that QoS doesn’t work over the public Internet to the Easymeeting services.
APPLICATION LAYER GATEWAY, H.323 PROXY OR OTHER “FIREWALL-HELPERS“
Most firewalls have an application filter making H.323 easier to work with and they all go by different names, depending on the vendor. In most environments, it’s HIGHLY recommended they are disabled.
Comments
0 comments
Please sign in to leave a comment.