Grey Headline (continued)
Firewall Traversal Protocols and Ports
TANDBERG VIDEO COMMUNICATIONS SERVER ADMINISTRATOR GUIDE
Overview |
| Expressway Process |
| H.323 Firewall Traversal Protocols |
|
|
|
|
|
Ports play a vital part in firewall traversal configuration. The correct ports must be set on the VCS Expressway, traversal client and firewall in order for connections to be permitted.
Ports are initially configured on the VCS Expressway by the VCS Expressway Administrator. The firewall administrator and the traversal client administrator should then be notified of the ports, and they then must then configure their systems to connect to these specific ports on the server. The only port configuration that is done on the client is the range of ports it uses for outgoing connections; the firewall administrator may need to know this information so that if necessary they can configure the firewall to allow outgoing connections from those ports.
The Expressway™ solution works as follows:
1.Each traversal client connects via the firewall to a unique port on the VCS Expressway.
2.The server identifies each client by the port on which it receives the connection, and the Authentication credentials provided by the client.
3.Once established, the client constantly sends a probe to the VCS Expressway via this connection in order to keep the connection alive.
4.When the VCS Expressway receives an incoming call for the client, it uses this initial connection to send an incoming call request to the client.
5.The client then initiates one or more outbound connections. The destination ports used for these connections will differ for signaling and/or media, and will depend on the protocol being used (see the following sections for more details).
The VCS supports two different firewall traversal protocols for H.323: Assent and H.460.18/H.460.19.
•Assent is TANDBERG’s proprietary protocol.
•H.460.18 and H.460.19 are ITU standards which define protocols for the firewall traversal of signaling and media respectively. These standards are based on the original TANDBERG Assent protocol.
In order for a traversal server and traversal client to communicate, they must be using the same protocol.
The two protocols each use a slightly different range of ports.
SIP Firewall Traversal Protocols
The VCS supports the Assent protocol for SIP firewall traversal of media.
The signaling is traversed through TCP/TLS connection established from the client to the server.
Introduction | Getting Started |
| Overview and |
| System |
| VCS |
| Zones and |
| Call |
| Bandwidth | Firewall | Maintenance |
| Appendices |
| Status |
| Configuration |
| Configuration |
| Neighbors |
| Processing |
| Control | Traversal |
| ||||
|
|
|
|
|
|
|
|
|
|
| |||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
D14049.03 |
|
|
|
|
|
|
|
| 148 |
|
|
|
|
|
| ||
MAY 2008 |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |||
