Cloud Connect
Easymeeting’s Cloud Connect
service was built to solve firewall issues and increase compatibility when using your video conferencing system.
Cloud Connect’s built-in firewall traversal allows you to maintain existing security measures with minimal to no changes on your existing firewall and includes an H.323 spam filter that blocks unwanted calls. It uses global ITU-T standard H.460.18 and H.460.19, which means you can use it with any hardware or software supporting H.460 gatekeeper registration.
Cloud connect will also help with SIP and H323 spam.
Please go to Cloud Connect Firewall Traversal to know more and get infomation witch ports you need to open if you use a firewall traversal.
Use the arrow keys on the remote control to navigate.
The OK button in the middle of the arrows is used to confirm choices you do.
- Press the «Menu» button on the remote controller and navigate to «Network -> H.323»
2.Enable Gatekeeper and register to Easymeeting.net
- Gatekeeper IP address: 109.239.231.240
- RAS Port: 1719
- EasyNumber(E164): The H323 Extension(E.164) assigned in the confirmation email from Easymeeting.net.
- Name(H323): The H323 Name assigned in the confirmation email from Easymeeting.net.
- Password: «Leave empty»
- H.460: Enable
Press KEYB on your remote controller to toggle between letters and numbers.
Press «Return» on your remote when finished, and press OK on each selection to Save.
Return to main menu and start calling by EasyNumbers.
Note: A green icon under «GK» on the bottom right of the main screen indicates that registration was successful.
You may test your registration by calling 900.
Works with Any Firewall and Endpoint
Cloud Connect are built to solve many firewall issues and to allow you to maintain existing security measures with none or minimal changes to existing firewall. It uses the global ITU standard H.460.18 and H.460.19, which means that you can use it with any hardware or software supporting H.460 gatekeeper registration.
How does it work?
Your video conferencing system will receive a local IP address from your DHCP server when you plug it in to your network. Your endpoint will instruct your firewall to keep an open connection (a pinhole) to our server as soon as you register to the Easymeeting Cloud Services.
This pinhole in the firewall is used when someone from the outside your network try to call you. Your video conferencing system will recognize that it’s an incoming video call and then again ask your firewall to open the required ports for audio/video/data. The same thing happens when you try to place a call from your video conferencing system on the inside of your firewall to someone on the outside. But this is kind of easier since the connection is initiated from the inside of your firewall where the firewall isn’t that picky.
Most firewalls on the market today work with H.460 video conferencing without any configuration at all. But make sure that firewalls being traversed allow your video conferencing systems behind them to open outbound TCP and UDP connections. And if you should have any issues, first make sure that H.323 protocol-aware features are disabled on firewalls being traversed.
Firewalls with a stricter rule set should allow video conferencing systems to open at least the following:
Video Conferencing System → Easymeeting =UDP 1719 (registration)
Video Conferencing System → Easymeeting =TCP 1720 (call setup)
Video Conferencing System → Easymeeting =TCP 30000-39999 H.245
Video Conferencing System → Easymeeting =UDP 50000-59999 RTP Media
This is a subscription you can get from Easymeeting. Please contact Easymeeting for more information about pricing.
FIREWALL RECOMMENDATIONS & GUIDELINES
When configuring a video conferencing system, please ensure any H.323 protocol inspection engines are disabled. This includes, but is not limited to, H.323, H.245, H.239 and H.225 inspection. Having these protocol inspection engines enabled usually causes more problems than good, often resulting in significant packet loss. Please check with your firewall manufacturer on how you can disable H.323 inspection.
Also ensure that you don’t have any pre-existing rules or services that may conflict with the recommendations given below. We suggest that new, bi-directional rules for the ports listed below are created and clearly indicated for future reference.*
For firewall information regarding your web browser or Easymeeting Desktop, please read our helpdesk article: Our company is behind a very strict firewall, can I still join using my web browser (WebRTC) or Easymeeting Desktop?
THE FOLLOWING OPTIONS EXIST, PLEASE PICK ONE:
OPTION 1
Video system outside the firewall with public IP address:
Since the video system is outside of the firewall, no configuration in necessary. We do not recommend this configuration for permanent installations and only recommend it for troubleshooting or demonstration purposes. While outside the firewall, your system’s web admin interface will be exposed to the Internet and you’ll have an increased exposure to video conferencing SPAM.
Easymeeting does offer a SPAM filter with our Cloud Connect subscription. If you are interested in learning more, please contact sales@easymeeting.net.
OPTION 2
Video system located in a DMZ:
You will need to create a static 1-to-1 NAT policy from the public side of your firewall to the semi-private side of the DMZ. Some firewalls require you to create an additional policy to translate the semi-private DMZ to the public side of your firewall.
Please reference the table, “H323 Firewall Ports Used for Audio/Video/Data” to get a list of ports you should enable bi-directionally on your firewall and “Endpoint Settings” below to ensure you’ve enable Static NAT for your video system.
If you’re video system is not listed in the table below, please check with your hardware manufacturer.
OPTION 3
Endpoint located on private network:
This configuration has the video conferencing endpoint on your private network. You will need to create a static 1-to-1 NAT policy from the public side of your firewall to the private side of the LAN. Some firewalls require you to create an additional policy to translate the private LAN to the public side of your firewall.
Please reference the table, “H323 Firewall Ports Used for Audio/Video/Data” to get a list of ports you should enable bi-directionally on your firewall and “Endpoint Settings” below to ensure you’ve enable Static NAT for your video system.
If you’re video system is not listed in the table below, please check with your hardware manufacturer.
OPTION 4
Easymeeting’s Cloud Connect Services:
Sometimes, companies don’t have the technical resources to configure complicated firewalls. With Easymeeting.net’s Cloud Connect, you can seamlessly integrate your video conferencing systems into the Easymeeting Cloud and with other video conferencing devices across the globe. To receive more information about Easymeeting Cloud Connect services, please contact sales@easymeeting.net or visit www.easymeeting.net/cloudconnect.
*Please note, Easymeeting cannot be responsible for the configuration of your firewall/router. This information is intended as a guideline to help you realize all features of the Easymeeting service.
H323 FIREWALL PORTS USED FOR AUDIO/VIDEO/DATA
Refer to your system user manual for complete list of ports in use by your specific end point.
| System | TCP | UDP |
|---|---|---|
| All systems | 80 & 443 (Remote management – Optional) 1720 (H.323 call setup) | 1719 (Gatekeeper registration) |
| Cisco | 5555-5574 (audio/video/data) | 2326-2485 (audio/video/data) |
| LifeSize | 60000-64999 (audio/video/data) | 60000-64999 (audio/video/data) |
| Polycom (when configured with «fixed ports») | 3230-3243 (audio/video/data) 21 (for software updates) | 3230-3290 (audio/video/data) |
| Radvision (when configured with «fixed ports») | 3230 – 3242 (audio/video/data) | 3230 – 3287 (audio/video/data) |
| Sony | 2253-2255 (audio/video/data) | 49152-49239 (audio/video/data) |
| Tandberg | 5555 – 5574 (audio/video/data) 21 (software update) | 2326 – 2385 (audio/video/data) (2326 – 2485 for internal multipoint units) |
| TWS | 3230 – 3280 (audio/video/data) | 3230 – 3280 (audio/video/data) |
| Yealink | 30000 – 39999 50000 – 50499 (audio/video/data) | 30000 – 39999 50000 – 50499 (audio/video/data) |
| ZTE | 3230 – 3280 (audio/video/data) | 3230 – 3280 (audio/video/data) |
ADDITIONAL VIDEO SYSTEM SETTINGS
WHEN USING OPTIONS 2 & 3, PORT FORWARDING: If your system isn’t listed, or you are unsure how to properly configure your system, please refer to your system user manual or hardware manufacturer for assistance with configuring Static NAT.
Easymeeting TWS video systems
* Navigate to Settings -> Network -> Firewall
* Static NAT Traversal = Enabled
* Public IP Address = [Enter the NAT public IP address]
LifeSize Express series video systems
* System Menu –> Administrator Preferences –> Network –> NAT
* Enable Static NAT, and enter the public IP address of the firewall in the «NAT Public IP Address»
Polycom video systems
* Admin Setup -> Network -> IP Network
* Fixed Ports: On (checked)
* NAT Configuration: AUTO or choose MANUAL to enter the address if the system can’t find NAT Public (WAN) address automatically.
* NAT is H.323 Compatible: Off (not checked)
Radvision XT1000 series video systems
* Settings -> Network -> Preferences -> Dynamic Ports
* Auto Detect (TCP) = Disabled
* Auto Detect (UDP) = Disabled
* Settings -> Networks -> Preferences -> NAT
* NAT Traversal = Enabled
* NAT Discovery = Manual
* Public IP Address = [Enter the NAT public IP address]
Yealink video systems
* Navigate to Menu->Advanced->NAT/Firewall
* NAT Type = Manual
* Public IP Address = [Enter the NAT public IP address]
ZTE T700 video systems
* Navigate to Settings -> Network -> Firewall -> H323
* NAT Mode = Static NAT
* NAT Address = [Enter the NAT public IP address]
NETWORK GUIDELINES
These recommended network guidelines are intended to allow you to obtain the best experience when accessing the Easymeeting services. Video performance and quality of experience is directly related to network performance, should a network link be unreliable or give intermittent performance, this can have the same impact on your video experience.
BANDWIDTH (BI-DIRECTIONAL)
- Minimum bandwidth requirements for Standard Definition (SD) video conferencing, including PC, Mac, and Mobile: 384kbps
- Recommended bandwidth requirements for Standard Definition (SD) video conferencing, including PC, Mac, and Mobile : 768kbps
- Minimum bandwidth requirements for High Definition (HD) video conferencing, including PC, Mac, and Mobile: 1024kbps
- Recommended bandwidth requirements for High Definition (HD) video conferencing, including PC, Mac, and Mobile: 1536kbps
PACKET LOSS
Packet loss should be less than 1%. Anything higher will result in pixelated images within the video call; “video artifacts” as we like to call them. 1% is noticeable while 5% is intolerable.
NETWORK DUPLEX MODE
Set the switchport and the video conference system to full duplex. Duplex mismatch is the number one cause of packet loss and video freezing.
LATENCY (DELAY)
Intermediate routers may prioritize the video and audio packet sizes differently, creating differing transit times. In severe cases, audio and video packets become out of sync, resulting in video motion not “lining up” with audio spoken in a video call.
- 0 – 150 ms : recommended
- 150 – 299 ms : acceptable
- 300 – 400 ms : not recommended
- 400 ms : unacceptable
JITTER
The term ‘jitter’ refers to the variation in timing of the picture as packets are received, buffered, and distributed to the screen as the available bandwidth changes. An increase in jitter caused by an underpowered network connection can cause “skipping” or “freezing” of a picture. It is recommended to have jitter below 20 milliseconds.
QUALITY OF SERVICE
Quality of Service (QoS) maps or tags certain traffic with varying degrees of priority. If you wish to implement QoS for the voice and video applications with your network, please ensure they are tagged for the highest priority configurable. Please be aware that QoS doesn’t work over the public Internet to the Easymeeting services.
APPLICATION LAYER GATEWAY, H.323 PROXY OR OTHER “FIREWALL-HELPERS“
Most firewalls have an application filter making H.323 easier to work with and they all go by different names, depending on the vendor. In most environments, it’s HIGHLY recommended they are disabled.
