• ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
The HP Community is where owners of HP products, like you, volunteer to help each other find solutions.
HP Recommended

At our organisation we currently run a set of 4 Realpresence group 500 VC endpoints across 4 sites with one site having a multipoint licence.

 

For ease of admin we've had all four set up with dedicated ADSL/Cable internet connections (each with a static IP) and with the units in the DMZ/no firewall, so they could all contact each other and outside VC endpoints via the internet without any port filtering. This is obviously insecure but no other equipment was on those connections, only the VC units. 

 

We've now restructured our network and have created a specific VLAN (behind a firewall) across our sites for our VC kit to connect to. Our problem is working out how to allow external connections to the VC endpoints over the internet (i.e. breaking out of the firewall)

 

First off, is there any way of sharing a single external IP between all four VC endpoints? We don't have any gatekeeper equipment, only cisco meraki firewalls. 

 

Secondly, I've read the pinned/FAQ post regarding opening firewall ports for VC endpoints, but I'm now rather confused. Do I need to open all the inbound/outbound ports listed in this post (including the dynamic ranges)? We're using H.323 rather than SIP, does this make a difference?

1 REPLY 1
HP Recommended

Hi @rhyds,

 

you can´t use several GS500 behind one public IP without a gatekeeper like Polycom VBP. How should your Firewall/Router differentiate the calls and forward it to the right GS500?

Same as here: https://community.polycom.com/t5/General-Networking/Multiple-devices-behind-firewall-with-one-public...

 

All ports you realy need you´ll see under admin settings > network > ip network > firewall. Check "Fixed Ports" and use all ports you see there (In and Outgoing), plus 1720 TCP. That´s all for H.323. For SIP you must open either UDP port 5060, TCP 5060, or TCP 5061 depending on whether you are using UDP, TCP, or TLS as the SIP transport protocol.

Here are many threads about this topic, search for it.

† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.