What is a Firewall in Video Conferencing Applications?

To understand firewall traversal, we first need to review what a firewall is in the context of video conferencing. In concept, a firewall is a barrier between a dangerous area and a safe area. The term comes literally from the idea of building a barrier against fire, such as a garage wall in a home. Generally, the code requirements and building standards for a garage wall that separates automobiles and fuel from the living area of a home are higher than the building requirements for interior walls within the living space, or "safe area", of a home.

Similarly, a firewall in video conferencing separates video systems that reside in the safe area of a network, which is generally the interior local area network, from outside danger areas such as the Internet. A firewall, in this case, is installed primarily to protect local area network computers from unknown users on the Internet. If a video conferencing system is connected to a local area network that is protected by a firewall, then the video system is considered to be "behind the firewall". The Internet is generally considered to be "outside" the firewall.

What does a Firewall do on a network?

A firewall is a logical and often a physical barrier, and it can take many forms. On your personal computer, a firewall may be just software, while on a computer network at a business office, a firewall is likely a device, or special software on a device such as a router.

The firewall's job is to permit or deny packet-based transmissions based on a set of rules. While there may be a wide variety of ways in which a firewall is connected to a network, logically or physically, the job of a firewall is always to manage the set of rules that allow packets to pass between the inside of the firewall (behind it) and the outside of the firewall.

The set of rules a firewall follows is called its Policies.

How is a Firewall related to H.323?

The H.323 set of ITU recommendations describes methods to provide video conferencing connections using packet networks. Firewalls administer policies on packet networks that either allow or disallow packets to flow between the inside of a network and the outside. Therefore, firewalls sit directly in the line of communication between video conferencing systems whenever an IP (H.323) connection is made.

Often, if a video conference call connects with video and audio flowing only in one direction, a firewall's policies are inhibiting packet flow. Firewalls can, and often do, impact the ability to hold a successful video conference on an IP network.

What is Firewall Traversal (H.460)?

H.323 describes the methodology for transmitting multimedia from video conferencing systems over packet-based connections such as the Internet or a business local area network. Firewalls administer policies on such networks to protect safe areas from unknown areas such as the Internet.

H.460 is a set of extensions to the ITU H.323 standard that includes methods to traverse firewalls. Devices that use H.460 implement a set of security policies that a firewall can be configured to accept. In so doing, video conference endpoints can communicate across a firewall.

Manufacturers such as Polycom, LifeSize and Tandberg/Cisco all include H.460 products in their product lines. Example products include Polycom V2IU, Polycom Video Border Proxy, LifeSize Transit and Tandberg Expressway. These devices, when communicating with H.460-compliant video conferencing systems, can enable firewall traversal even with a tightly administered set of firewall policies.

Are there alternatives to H.460?

Implementation of H.460 requires knowledgeable staff members both to configure video conferencing endpoints and, especially, to manage the H.460 policy system, such as the LifeSize Transit or Tandberg/Cisco Expressway.

It is also possible to create a video conferencing hole in a set of firewall policies so that multimedia packets (H.323) can traverse the firewall. Setting certain audio and video ports to have liberal firewall policies, or "opening" these ports, can enable video conferencing systems to traverse a firewall without the use of an H.460 device.
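
The one-way audio and video symptom described earlier, and the effect of "opening" ports, can be shown with a small first-match policy model. This is an added example, not code from the original page or from any vendor; the addresses and the UDP media port range are constructed assumptions (use the range your endpoint is actually configured for), and the model only judges new flows, where a real firewall also tracks replies to established connections.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample values (assumptions, not from the page).
LAN = "192.168.10.0/24"            # inside network
ENDPOINT = "192.168.10.20"         # video system behind the firewall
MEDIA_PORTS = range(50000, 50100)  # UDP media range the endpoint is set to use
H225_PORT = 1720                   # standard H.323 call-signalling port (TCP)

@dataclass(frozen=True)
class Rule:
    action: str     # "allow" or "deny"
    direction: str  # "in" = outside to inside, "out" = inside to outside
    proto: str      # "tcp" or "udp"
    inside: str     # inside host or network (CIDR) the rule covers
    ports: range    # destination ports

@dataclass(frozen=True)
class Packet:
    direction: str
    proto: str
    inside_ip: str
    dport: int

def evaluate(policy, pkt):
    """First matching rule wins; a new flow that matches nothing is denied."""
    for r in policy:
        if (r.direction == pkt.direction and r.proto == pkt.proto
                and ip_address(pkt.inside_ip) in ip_network(r.inside)
                and pkt.dport in r.ports):
            return r.action
    return "deny"

def call_flows(policy):
    """Verdicts for the three new flows of one call placed from ENDPOINT."""
    return {
        "signalling_out": evaluate(policy, Packet("out", "tcp", ENDPOINT, H225_PORT)),
        "media_out": evaluate(policy, Packet("out", "udp", ENDPOINT, 50010)),
        "media_in": evaluate(policy, Packet("in", "udp", ENDPOINT, 50010)),
    }

def exposure(policy):
    """Inside (address, port) pairs reachable from outside (rules assumed disjoint)."""
    return sum(ip_network(r.inside).num_addresses * len(r.ports)
               for r in policy if r.action == "allow" and r.direction == "in")

BASELINE = [Rule("allow", "out", p, LAN, range(1, 65536)) for p in ("tcp", "udp")]
PINHOLE = [Rule("allow", "in", "udp", ENDPOINT + "/32", MEDIA_PORTS)] + BASELINE
BROAD = [Rule("allow", "in", "udp", LAN, range(1024, 65536))] + BASELINE
```

Under BASELINE the call connects but inbound media is denied, which is the one-directional symptom; PINHOLE and BROAD both fix it, but BROAD exposes every inside host on every high UDP port, so scope the opening to the endpoint's address and its configured media range.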

