Allocate an external, public static IP address to use for the VidyoPortal and VidyoRouters and configure a one-to-one NAT statement to the desired private or DMZ static IP address. In cases where the internal network is NATed to the DMZ, a similar static NAT must be configured from the static private LAN to the Static DMZ server addresses.
With the NAT configured, you’ll need to permit access to the TCP and UDP ports needed by the Vidyo solution. In the firewall access-control list, be sure to open these ports as a minimum:
- Inbound TCP Port 80 – web access to the VidyoPortal and administrative interfaces
- Inbound TCP Port 443 – optional for SSL secured web access and calls
- Inbound TCP Port 17992 – EMCP protocol client connection to VidyoManager and VidyoPortal (configurable)
- Inbound TCP Port 17990 – SCIP protocol client connection to VidyoRouter (configurable)
- Bi-Directional UDP Port 50000 – 65535– RTP and SRTP media, one RTP and RTCP port pair for each audio, video, data sharing stream in the conference
Lastly, it’s beneficial to check the UDP timeout for the firewall. Some firewalls limit the duration of UDP port openings, and this may cause the calls to terminate prematurely.