Configure firewall

Web service HTTP and HTTPS traffic

For normal HTTP and HTTPS web traffic on standard ports, the preferred method for whitelisting is by wildcard domain name, specifically allowing outbound traffic to any *.lifesizecloud.com and *.lifesize.com URL in your web proxy server or equivalent networking appliance.

Lifesize lists the subdomains it uses. Customers will be notified at least seven (7) days prior to an update of the subdomain list.

Media and other traffic

For any element of the service that requires traffic other than HTTP and HTTPS, Lifesize maintains a Domain Name Service (DNS) record that contains all of the public IP addresses for that service that have the same port requirements. Lifesize updates these DNS records with IP address changes as they occur. Customers can configure their firewalls once to query the DNS records and update their configuration dynamically as the DNS records are updated. Many firewalls have a different implementation of this capability. For example, Cisco ASA devices can be configured using the FQDN ACL feature.

The Time-To-Live (TTL) of the DNS records is configured based on the expected frequency of changes to each service. While various firewalls can set the lifetime of a DNS record rather than use the TTL, doing so will likely cause connectivity issues with the Lifesize cloud service and is not recommended.

All DNS records for Lifesize are hosted in the Route53 service in Amazon Web Services (AWS). AWS Route53 is deployed worldwide and provides a reliable, secure DNS implementation with excellent performance.

See Open Network Ports for more firewall information.