H.460 nat firewall traversal, H.460 nat firewall traversal -12, H.460 nat firewall – Polycom 6000 User Manual
Page 24: Traversal
Administrator Guide for Polycom QDX 6000 System
2 - 12
H.460 NAT Firewall Traversal
You can configure Polycom QDX 6000 systems to use standards-based
H.460.18 and H.460.19 firewall traversal, which allows video systems to more
easily establish IP connections across firewalls.
The following illustration shows how a service provider might provide H.460
firewall traversal between two enterprise locations. In this example the
Polycom Video Border Proxy™ (VBP™) firewall traversal device is on the
edge of the service provider network and facilitates IP calls between Polycom
QDX 6000 systems behind different firewalls.
To use this traversal, Polycom QDX 6000 systems and firewalls must be
configured as follows:
• Enable firewall traversal on the Polycom QDX 6000 system.
a.
Go to System > Admin Settings > Network > IP > Firewall.
b.
Select Enable H.460 Firewall Traversal.
• Register the Polycom QDX 6000 system to an external Polycom VBP
device that supports the H.460.18 and H.460.19 standards.
• Make sure that firewalls being traversed allow Polycom QDX 6000
systems behind them to open outbound TCP and UDP connections.
— Firewalls with a stricter rule set should allow Polycom QDX 6000
systems to open at least the following outbound TCP and UDP ports:
1720 (TCP), 14085-15084 (TCP) and 1719 (UDP), 16386-25386 (UDP).
— Firewalls should permit inbound traffic to TCP and UDP ports that
have been opened earlier in the outbound direction.
Visit the Polycom Security section of the Knowledg
timely security information. Systems deployed outside a firewall are potentially
vulnerable to unauthorized access. You can also register to receive periodic email
updates and advisories.
Gatekeeper
IP Network
System with
Enterprise Location A
Enterprise Location B
Service Provider
Polycom VBP device
Traversal Enabled
System with
Traversal Enabled
that Supports H.460.18
and H.460.19