Hot!Video Conferencing Setup

Author
jarry
New Member
  • Total Posts : 6
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/07/18 14:23:36
  • Status: offline
2019/10/03 14:46:43 (permalink)
0

Video Conferencing Setup

We have a Fortigate 80E firewall in our environment. We recently acquired a LifeSize Express 220 video conferencing unit that I need to setup. I am newbie at configuring firewalls so my question is the following. Should I setup the video conferencing device on the DMZ port or is hook up to an available port on the internal network?  
post edited by jarry - 2019/10/03 14:48:11
#1

7 Replies Related Threads

    mjcrevier
    New Member
    • Total Posts : 18
    • Scores: 0
    • Reward points: 0
    • Joined: 2014/04/28 18:04:36
    • Status: offline
    Re: Video Conferencing Setup 2019/10/03 16:29:26 (permalink)
    0
    If you're using the default internal interface "lan", you can connect to any of the internal ports.
    #2
    Dave Hall
    Expert Member
    • Total Posts : 1504
    • Scores: 165
    • Reward points: 0
    • Joined: 2012/05/11 07:55:58
    • Location: Canada
    • Status: offline
    Re: Video Conferencing Setup 2019/10/07 13:51:55 (permalink)
    0
    Hi Jerry.
     
    Glancing at a general VC unit setup (was not able to locate a PDF manual for the model in question, though) from LifeSize's support site, it seems you can set up the VC unit on the DMZ, assuming you have a public IP or on the LAN via port forwarding.  (The LAN/Port forwarding seems to be more complicated in making out bound calls, though.)
     
    Your best bet maybe to contact LifeSize's support and/or consult their setup guide on what is required for setting up the VC unit behind a router.  I was able to find this guide, but don't know how useful it would be.
     

    NSE4/FMG-VM64/FortiAnalyzer-VM/5.4/6.0 (FWF40C/FW92D/FGT200D/FGT101E)/ FAP220B/221C
    #3
    jarry
    New Member
    • Total Posts : 6
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/07/18 14:23:36
    • Status: offline
    Re: Video Conferencing Setup 2019/10/09 09:48:29 (permalink)
    0
    I placed the VC unit on the DMZ and the unit still fails to register. [image]c:\users\[/image]I am not sure if I am missing a policy or if I even created the correct policies. This is what I did.
     
    For the DMZ interface I gave it an ip of 192.168.5.1
    DHCP Server range - 192.168.5.2 - 192.168.5.5
    The VC unit picked up ip 192.168.5.2
     
    Inbound rule
    Incoming Interface - Centurlyink (wan1)
    Outgoing Interface - DMZ (dmz)
    Source All - (for now to test then I want to restrict it to what is only needed)
    Destination - LIfesize Express 
    Schedule - Always
    Service - All
     
    Internal rule
    Incoming Interface - Internal (lan)
    Outgoing Interface - DMZ (dmz)
    Source - DMZ(dmz)
    Destination - Centurylink (wan1)
    Schedule Always
    Service All
     
     
    These are the other docs that lifesize sent me. 
     https://www.lifesize.com/en/help/admin-console/get-started/configure-firewall/open-ports
     
    https://www.lifesize.com/~/media/Documents/Product%20Documentation/Video%20Systems/Guides%20and%20Reference/Video%20User%20Administrator%20Guide%2048%20EN.ashx
    Pages 39-42
    #4
    Dave Hall
    Expert Member
    • Total Posts : 1504
    • Scores: 165
    • Reward points: 0
    • Joined: 2012/05/11 07:55:58
    • Location: Canada
    • Status: offline
    Re: Video Conferencing Setup 2019/10/09 13:14:16 (permalink)
    0
    Sticking the VCU on the DMZ is fine, but what you are trying to do is pretty much NAT - you will need to set up port forwards (from WAN to DMZ).  In Fortinet speak, this is called VIPs.  Also you really do not want to send any/all traffic hitting the WAN port and directing it to the DMZ port.
     
    An example of port forwards is this old Polycom list from about eight years ago, on an 80CM running old firmware - the VCU was assigned a static IP 192.168.93.40.   These VIPS were then placed in a group and used in the dest address of a WAN to LAN firewall rule.
     
     
     
    The above was only used once and had we so much problems that we just ended up installing a small switch between the ISP gateway device and fgt and giving the VCU a "public IP" and connecting it to this switch.
     

    Attached Image(s)


    NSE4/FMG-VM64/FortiAnalyzer-VM/5.4/6.0 (FWF40C/FW92D/FGT200D/FGT101E)/ FAP220B/221C
    #5
    jarry
    New Member
    • Total Posts : 6
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/07/18 14:23:36
    • Status: offline
    Re: Video Conferencing Setup 2019/10/09 13:21:14 (permalink)
    0
    Thank you, I will try this.
    #6
    Dave Hall
    Expert Member
    • Total Posts : 1504
    • Scores: 165
    • Reward points: 0
    • Joined: 2012/05/11 07:55:58
    • Location: Canada
    • Status: offline
    Re: Video Conferencing Setup 2019/10/09 14:06:53 (permalink)
    0
    The example I have provided is for an older Polycom unit - you have to consult the Lifesize Express manual(s) to see what ports you need to open/forward if decide to go that route.  Also be mindful on port security (as indicated in that manual).  
     
    jarry
    Thank you, I will try this.




    NSE4/FMG-VM64/FortiAnalyzer-VM/5.4/6.0 (FWF40C/FW92D/FGT200D/FGT101E)/ FAP220B/221C
    #7
    jarry
    New Member
    • Total Posts : 6
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/07/18 14:23:36
    • Status: offline
    Re: Video Conferencing Setup 2019/10/09 15:04:34 (permalink)
    0
    Will do,
     
    Thanks again
    #8
    Jump to:
    © 2019 APG vNext Commercial Version 5.5