firewall guideline (1/3)


Post on 16-Oct-2021


Page 1 of 4

Firewall guideline (1/3)

Whichever model of firewall and/or router you use, you should make sure that any H.323 and/or H.225 and/or H.245 inspection, fix-up, helpers, transformations, or ALGs (Application Layer Gateways) are disabled. Also ensure that you don't have any pre-existing rules or services that may conflict with the recommendations given below. We suggest that new rules for the ports listed below are created and clearly indicated for future reference. These rules should of course be open bi-directionally.

We recommend one of the following three options for implementing videoconferencing systems (End Point) within your network:

OPTION 1:

Endpoint outside the firewall with a public IP address:

No configuration is necessary. However, we recommend that your system is not configured to permit unauthorized access.

OPTION 2:

Endpoint within a DMZ with a public IP address:

[Diagram: Internet / Local Area Network / DMZ]

Ensure that all TCP/UDP ports in the range 1024 – 65535 are open for outbound traffic.

Open the TCP and UDP ports specified for your system in the table on the next page to the public IP of your system.

Firewall guideline (2/3)

OPTION 3:

End Point within the private LAN behind the firewall, using a private IP address and a public NAT address (* one separate public IP per system is required):

Ensure that all TCP/UDP ports in the range 1024 – 65535 are open for outbound traffic.

Forward the TCP and UDP ports specified for your system in the table below to the private IP of your system.

H323 Firewall Ports used for audio/video/data

All systems
  TCP: 80 & 443 (Optional – in use for remote management only); 1720 (H.323 call setup)
  UDP: 1719 (Gatekeeper registration)

LifeSize
  TCP: 60000-64999 (audio/video/data)
  UDP: 60000-64999 (audio/video/data)

Polycom (when configured for "fixed ports")
  TCP: 3230-3243 (audio/video/data); 21 (software update)
  UDP: 3230-3290 (audio/video/data)

Tandberg
  TCP: 5555 – 5574 (audio/video/data); 21 (software update)
  UDP: 2326 – 2385 (audio/video/data) (2326 – 2485 for multipoint units)

Radvision (when configured for "fixed ports")
  TCP: 3230 – 3242 (audio/video/data)
  UDP: 3230 – 3287 (audio/video/data)

ZTE
  TCP: 3230 – 3280 (audio/video/data)
  UDP: 3230 – 3280 (audio/video/data)

Sony
  TCP: 2253-2255 (audio/video/data)
  UDP: 49152-49239 (audio/video/data)

Refer to your system user manual for the complete list of ports used by your specific end point.
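The following rule generator is an added example, not part of the easymeeting guideline or any vendor's software. It turns the port table above into the "Option 3" firewall configuration (outbound 1024 – 65535 open, only the listed ports forwarded to the endpoint's private IP, no H.323 helper) and also counts how many Internet-reachable ports each vendor profile opens, which is the exposure a reviewer should weigh. The iptables command shapes, the `eth0` interface name and the sample addresses are assumptions; the management ports 80/443 are deliberately left out of the forwarded set because the table marks them optional.

```python
"""Option 3 (private LAN + NAT) rule generator built from the guideline's port table.
Added example; vendor ranges are copied from the table, everything else is assumed."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class PortRange:
    proto: str      # "tcp" or "udp"
    first: int
    last: int
    note: str

    def spec(self) -> str:
        """iptables writes a single port as N and a range as FIRST:LAST."""
        return str(self.first) if self.first == self.last else f"{self.first}:{self.last}"

    def size(self) -> int:
        return self.last - self.first + 1


# Ports every system needs. 80/443 (remote management) are optional in the
# table and are intentionally NOT forwarded from the Internet.
COMMON = (
    PortRange("tcp", 1720, 1720, "H.323 call setup"),
    PortRange("udp", 1719, 1719, "Gatekeeper registration"),
)

VENDOR_PORTS = {
    "lifesize":  (PortRange("tcp", 60000, 64999, "audio/video/data"),
                  PortRange("udp", 60000, 64999, "audio/video/data")),
    "polycom":   (PortRange("tcp", 3230, 3243, "audio/video/data, fixed ports"),
                  PortRange("udp", 3230, 3290, "audio/video/data, fixed ports")),
    "tandberg":  (PortRange("tcp", 5555, 5574, "audio/video/data"),
                  PortRange("udp", 2326, 2385, "audio/video/data")),
    "radvision": (PortRange("tcp", 3230, 3242, "audio/video/data, fixed ports"),
                  PortRange("udp", 3230, 3287, "audio/video/data, fixed ports")),
    "zte":       (PortRange("tcp", 3230, 3280, "audio/video/data"),
                  PortRange("udp", 3230, 3280, "audio/video/data")),
    "sony":      (PortRange("tcp", 2253, 2255, "audio/video/data"),
                  PortRange("udp", 49152, 49239, "audio/video/data")),
}


def ports_for(vendor: str) -> tuple:
    """All ports to forward for a vendor; unknown vendors are rejected loudly."""
    key = vendor.lower()
    if key not in VENDOR_PORTS:
        raise ValueError(f"no port table for {vendor!r}; check the system manual")
    return COMMON + VENDOR_PORTS[key]


def exposed_port_count(vendor: str) -> int:
    """Number of Internet-reachable ports Option 3 opens towards the endpoint."""
    return sum(pr.size() for pr in ports_for(vendor))


def build_rules(vendor: str, public_ip: str, private_ip: str, wan_if: str = "eth0") -> list:
    """Return iptables commands (as strings) implementing Option 3 for one endpoint."""
    pub = ipaddress.ip_address(public_ip)      # raises ValueError on malformed input
    priv = ipaddress.ip_address(private_ip)
    if not priv.is_private:
        raise ValueError(f"{private_ip} is not a private (RFC 1918) address")
    rules = [
        "# Guideline: no H.323/H.225/H.245 ALG. Unload the netfilter helper so the",
        "# kernel does not rewrite call-setup payloads (assumed Linux/iptables host).",
        "modprobe -r nf_conntrack_h323 2>/dev/null || true",
        "# Outbound: all TCP/UDP destination ports 1024-65535 from the endpoint",
        f"iptables -A FORWARD -s {priv} -o {wan_if} -p tcp --dport 1024:65535 -j ACCEPT",
        f"iptables -A FORWARD -s {priv} -o {wan_if} -p udp --dport 1024:65535 -j ACCEPT",
        "# Inbound: forward only the table's ports to the endpoint's private IP",
    ]
    for pr in ports_for(vendor):
        rules.append(f"iptables -t nat -A PREROUTING -i {wan_if} -d {pub} -p {pr.proto} "
                     f"--dport {pr.spec()} -j DNAT --to-destination {priv}  # {pr.note}")
        rules.append(f"iptables -A FORWARD -i {wan_if} -d {priv} -p {pr.proto} "
                     f"--dport {pr.spec()} -j ACCEPT")
    return rules


if __name__ == "__main__":
    # Constructed addresses from documentation/private ranges (RFC 5737, RFC 1918).
    for line in build_rules("polycom", "203.0.113.10", "192.168.10.20"):
        print(line)
    print("# exposed ports:", exposed_port_count("polycom"))
```

Comparing `exposed_port_count` across vendors makes the trade-off in the table visible: a LifeSize profile forwards 10 002 ports, a Polycom "fixed ports" profile 77, which is why the guideline's advice to use fixed/narrow ranges and to consult the manual for the exact list matters before anything is exposed.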

"Please note, easymeeting cannot be responsible for the configuration of your firewall/router. This document is intended as a guideline to help you realize all features of the easymeeting service."

Firewall guideline (3/3)

If configured with option 3 (port forwarding):

In conjunction with LifeSize end points:

System Menu --> Administrator Preferences --> Network --> NAT: Enable Static NAT, and enter the public IP address of the firewall in the "NAT Public IP Address" field.

In conjunction with Polycom end points:

Admin Setup -> Network -> IP Network: Fixed Ports: On (checked). NAT Configuration: AUTO, or choose MANUAL to enter the address if the system can't find the NAT Public (WAN) address automatically. NAT is H.323 Compatible: Off (not checked).

In conjunction with Radvision XT1000 series endpoints:

Settings -> Network -> Preferences -> Dynamic Ports: Auto Detect (TCP) = Disabled; Auto Detect (UDP) = Disabled.

Settings -> Networks -> Preferences -> NAT: NAT Traversal = Enabled; NAT Discovery = Manual; Public IP Address = [Enter the NAT public IP address].


Duplex settings (☺ = switch and device match; other combinations cause a duplex mismatch)

Switch             Device
100/Full Duplex    100/Full Duplex   ☺
10/Full Duplex     10/Full Duplex    ☺
Auto               Auto              ☺
100/Full Duplex    100/Half Duplex
Auto               100/Full Duplex
Auto               100/Half Duplex
Auto               10/Full Duplex
Auto               10/Half Duplex

Network guideline

These recommended network guidelines are intended to allow you to obtain the best experience when accessing the easymeeting services. Video performance and quality of experience are directly related to network performance; should a network link be unreliable or give intermittent performance, this will have the same impact on your video experience.

Bandwidth (bi-directional)

• Acceptable audio/video quality in SD & PC/Mobile based videoconferencing: 384kbps
• Good audio/video quality in SD & PC/Mobile based videoconferencing: 768kbps
• Minimum bandwidth for HD videoconferencing: 1024kbps

Packet loss

Typical numbers for acceptable packet loss during a conference range from 0.1% to 2%. Packet loss for high definition systems typically needs to be under 0.1% to remain unnoticed. 1% is noticeable while 5% is intolerable.

Network Duplex Mode

Duplex mismatch is the number one cause of packet loss and video freezing. FULL duplex is required for videoconferencing. Ensure that the endpoint is configured to match the switch port duplex and speed capabilities. You should always use the same duplex on the endpoint as on the port it is connected to.

Latency (Delay)

Audio packets are small, while video packets are large. Intermediate routers may prioritize the two packet sizes differently, creating differing transit times so the audio and video packets become out of sync. A typical rule of thumb for latency is < 300 ms round trip between endpoints before users in an interactive call start to notice a delay between the speaker and the receipt of their words by the far end participants.

0 – 150 ms : recommended

150 – 300 ms : acceptable

300 – 400 ms : not recommended

> 400 ms : unacceptable

Jitter

Jitter refers to unwanted variation in the timing at which packets are received. If there is a constant traffic delay, data can be buffered accordingly; however, when the delay keeps changing, processors get overloaded, driving up latency and packet loss. This can result in a frozen or jerky appearance of the video and/or the audio. A good rule of thumb for jitter is less than 30 msec for a high-quality videoconference experience.

Application Layer Gateway, H.323 proxy or other "firewall-helpers"

Make sure that any H.323 and/or H.225 and/or H.245 inspection, fix-up, helper, transformations, or ALGs are disabled, and make sure that you don't use any pre-existing H.323 services that may be defined for the firewall rules; create new bi-directional rules for both port 1720 for H.323 and for the reserved (dynamic) ports.

Quality of Service

A best-effort network such as the public Internet does not support QoS. In a best effort network all users obtain best effort service, meaning that they obtain unspecified variable bit rate and delivery time, depending on the current traffic load. QoS will only work inside a private network where you have full control over the infrastructure between A and B.