User`s guide
Administrator’s Guide for Polycom HDX Systems
2 - 16
H.460 NAT Firewall Traversal
You can configure Polycom HDX systems to use standards-based H.460.18
and H.460.19 firewall traversal, which allows video systems to more easily
establish IP connections across firewalls.
The following illustration shows how a service provider might provide H.460
firewall traversal between two enterprise locations. In this example the
Polycom Video Border Proxy™ (VBP™) firewall traversal device is on the
edge of the service provider network and facilitates IP calls between Polycom
HDX systems behind different firewalls.
To use this traversal, Polycom HDX systems and firewalls must be configured
as follows:
• Enable firewall traversal on the Polycom HDX system.
1. Go to System > Admin Settings > Network > IP > Firewall > .
2. Select Enable H.460 Firewall Traversal.
• Register the Polycom HDX system to an external Polycom VBP device that
supports the H.460.18 and H.460.19 standards.
• Make sure that firewalls being traversed allow Polycom HDX systems
behind them to open outbound TCP and UDP connections.
— Firewalls with a stricter rule set should allow Polycom HDX systems
to open at least the following outbound TCP and UDP ports: 1720
(TCP), 14085-15084 (TCP) and 1719(UDP), 16386-25386 (UDP).
— Firewalls should permit inbound traffic to TCP and UDP ports that
have been opened earlier in the outbound direction.
Visit the Polycom Security section of the Knowledge Base at www.polycom.com for
timely security information. Systems deployed outside a firewall are potentially
vulnerable to unauthorized access. You can also register to receive periodic email
updates and advisories.
Gatekeeper
IP Network
System with
Enterprise Location A
Enterprise Location B
Service Provider
Polycom VBP device
Traversal Enabled
System with
Traversal Enabled
that Supports H.460.18
and H.460.19