Cisco Cisco TelePresence Video Communication Server Expressway 관리 매뉴얼
Firewall traversal
Cisco VCS Administrator Guide (X7.1)
Page 228 of 479
Firewall configuration
For Expressway firewall traversal to function correctly, the firewall must be configured to:
n
allow initial outbound traffic from the client to the ports being used by the VCS Expressway
n
allow return traffic from those ports on the VCS Expressway back to the originating client
Cisco offers a downloadable tool, the Expressway Port Tester, that allows you to test your firewall
configuration for compatibility issues with your network and endpoints. It will advise if necessary which ports
may need to be opened on your firewall in order for the Expressway™ solution to function correctly. The
Expressway Port Tester currently only supports H.323. Contact your Cisco representative for more
information.
configuration for compatibility issues with your network and endpoints. It will advise if necessary which ports
may need to be opened on your firewall in order for the Expressway™ solution to function correctly. The
Expressway Port Tester currently only supports H.323. Contact your Cisco representative for more
information.
Note: you are recommended to turn off any H.323 and SIP protocol support on the firewall: these are not
needed in conjunction with the Expressway solution and may interfere with its operation.
needed in conjunction with the Expressway solution and may interfere with its operation.
The
pages (under
Maintenance > Tools > Port usage
) show, in table format, all the IP ports that
are being used on the VCS, both inbound and outbound. This information can be provided to your firewall
administrator so that the firewall can be configured appropriately.
administrator so that the firewall can be configured appropriately.
Configuring traversal for endpoints
Traversal-enabled H.323 endpoints can register directly with the VCS Expressway and use it for firewall
traversal.
traversal.
The
Locally registered endpoints
page (
VCS configuration > Expressway > Locally registered
endpoints
) allows you to configure the way in which the VCS Expressway and traversal-enabled endpoints
communicate.
The options available are:
Field
Description
H.323 Assent
mode
mode
Determines whether or not H.323 calls using Assent mode for firewall traversal are allowed.
H.460.18 mode Determines whether or not H.323 calls using H.460.18/19 mode for firewall traversal are
allowed.
H.460.19
demux mode
demux mode
Determines whether the VCS Expressway operates in demultiplexing mode for calls from
locally registered endpoints.
locally registered endpoints.
On: allows use of the same two ports for all calls.
Off: each call uses a separate pair of ports for media.
H.323
preference
preference
Determines which protocol the VCS Expressway uses if an endpoint supports both Assent and
H.460.18.
H.460.18.
UDP probe
retry interval
retry interval
The frequency (in seconds) with which locally registered endpoints send a UDP probe to the
VCS Expressway.
VCS Expressway.
UDP probe
retry count
retry count
The number of times locally registered endpoints attempt to send a UDP probe to the VCS
Expressway.
Expressway.