
Port forwarding for inbound Polycom calls

Posted on 2011-09-25
Last Modified: 2012-05-12
What ports need to be forwarded to enable incoming Polycom calls?  I have a Polycom VSX7000e device receiving the calls.  I've found numerous white sheets and spoken to Polycom tech support.  (Their level of apathy is discouraging.)  The following ports look to be the most reasonable.  Has someone actually configured a firewall for incoming Polycom calls?  Do these values look correct?

http://support.polycom.com/global/documents/support/user/products/video/pvx_internet_intranet_calling.pdf
1. 1720 H.323 call setup TCP
2. 5060 SIP call setup TCP and UDP
3. 3230-3237 Signaling and control for audio, call, video, and data/FECC, TCP and UDP
4. 1503 (optional) T.120 data collaboration TCP


Question by:jdana
LVL 9

Expert Comment

by:user_n
ID: 36595426
Yes, they look reasonable. For SIP the default port is usually 5060. But all this usually depends on the configuration of the devices on both sides of the firewall. http://en.wikipedia.org/wiki/RTP_Control_Protocol

For SIP, you can see the real ports that are used in Wireshark and SDP.
 http://en.wikipedia.org/wiki/Session_Description_Protocol
http://www.cisco.com/en/US/docs/voice_ip_comm/sip/proxies/2.2/administration/guide/eflows.html
http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml
 

Author Comment

by:jdana
ID: 36596284
RockMod,

Much better.  Thanks
 
LVL 37

Accepted Solution

by:
ArneLovius earned 1000 total points
ID: 36923786
If you are using NAT, then for using H323 you also need to be using a H323 aware NAT device. This is because the endpoint addresses are also in the "payload" part of the packet as well as the packet header.

As a for instance, a PIX running 6.3.5 will not work.

Looking at the rule set on a production ASA5510 with a VSX7000e that is just used in H323 mode, it is configured with a static NAT on the public address to the private address and then an ACL that allows inbound traffic to 1503, 1719, 1720 and 1731. Outbound traffic is not filtered.

If you do not have a H323 aware NAT "firewall" then you would need to either add an additional firewall, replace the existing firewall or run the VSX7000e on an external IP address. The "DMZ" function on most "residential" devices is usually only a full NAT and without the H323 aware ALG (Application Level Gateway) it will not work.

Any firewall that runs as a "filtering bridge" should be able to be configured.


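An added example, not part of any post above and not Polycom or Cisco code: the comments note that SDP shows the real media ports for SIP, and that endpoint addresses travel in the payload as well as the packet header. H.323 carries them in binary ASN.1, so this sketch uses the text-based SIP/SDP case instead and flags streams that advertise an RFC 1918 address, which a NAT without an ALG would leave unrewritten. The sample SDP body and all function names are constructed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample SDP body (not a capture from a real device).
SAMPLE_SDP = """\
v=0
o=- 1 1 IN IP4 192.168.1.50
s=-
c=IN IP4 192.168.1.50
t=0 0
m=audio 49170 RTP/AVP 0
m=video 49172 RTP/AVP 34
c=IN IP4 203.0.113.10
"""

def parse_sdp(sdp):
    """Return one dict per m= line with the address its media is expected on."""
    session_addr, media = None, []
    for line in sdp.splitlines():
        kind, sep, value = line.strip().partition("=")
        parts = value.split()
        if kind == "c" and sep and len(parts) == 3:
            # c=<nettype> <addrtype> <address>; strip any multicast /ttl suffix
            addr = parts[2].split("/")[0]
            if media:
                media[-1]["addr"] = addr  # media-level c= overrides session-level
            else:
                session_addr = addr
        elif kind == "m" and sep and len(parts) >= 3:
            # m=<media> <port>[/<count>] <proto> <fmt> ...
            port = int(parts[1].split("/")[0])
            media.append({"media": parts[0], "port": port,
                          "proto": parts[2], "addr": session_addr})
    return media

def is_rfc1918(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:  # host name rather than a literal address: cannot judge
        return False
    return any(ip in net for net in RFC1918)

def nat_findings(sdp):
    """Streams whose payload advertises a private address."""
    return [(m["media"], m["addr"], m["port"])
            for m in parse_sdp(sdp) if m["addr"] and is_rfc1918(m["addr"])]
```

Run against an SDP body copied out of a Wireshark capture taken on the outside of the firewall, any finding means the far end is being told to send media to an address it cannot reach.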
 

Author Closing Comment

by:jdana
ID: 37011160
Wow!  Thanks!