Configuring your firewall

This section explains how to configure your Lifesize video systems for firewall traversal as a stand-alone H.323/SIP device. This section is not applicable for customers who are using a firewall traversal product, such as UVC Transit or UVC ClearSea, or have a subscription to the Lifesize cloud-based service.

  • If you are using UVC Transit, refer to the Lifesize UVC Transit Deployment Guide. If you are using UVC ClearSea, refer to the Lifesize UVC ClearSea Deployment Guide.
  • If your Icon is connected to the Lifesize cloud-based service, refer to the online help available here.
Call setup and media ports
Restricting reserved ports

 

Placement behind a firewall

Lifesize recommends that you place your system behind a firewall. Use one of the following options:

DMZ with public IP address Placing your video systems in the DMZ allows you to assign public IP addresses. This configuration makes it easier for your system to connect with public video systems on the Internet.
Private LAN with NAT Placing your video systems in the private LAN with Network Address Translation (NAT) obscures their private IP addresses, but makes calls with systems outside of your network more complicated.

 

Port Security

Lifesize Icon video systems are network devices that offer different services and protocols for different purposes. Not all of these should be accessible from outside of your organization or network, such as access to the administrative functions of the device or SSH terminal access. To maintain security and help prevent unwanted malicious exploitation or attack, at a minimum, Lifesize recommends blocking external or inbound access to the following ports:

  • 22 (SSH)
  • 80 (HTTP)
  • 443 (HTTPS)
  • 554 (RTSP)
  • 10008 (REST API service if UVC Manager manages your system)

Lifesize recommends that these ports remain open for internal administrator access. Ensure that you change the default administrator password to be secure.

NOTE: Change the administrator password in the web interface in Preferences > Passwords. You can disable SSH and web access on the system in Preferences > Security.

Refer to Anti-spam filtering for more information about preventing unsolicited and nuisance calls.