12-13-2016 06:31 AM
Hi All,
Having an issue using Polycom mobile.
On our side: No video and audio
On Dialed no: Video and Audio is working
We translate the trust network to a specific public address and allow
Policy:
trust network -> untrust to any destination and service.
Untrust (public address of peer) -> Trust any destination and service.
Palo Alto ALGs - Disabled
If we have these NAT traversal issues in VoIP communications, how can we solve this?
Based on my research, it is possible that the outside address of the packet gets translated, not the inside contents.
Thank you
12-13-2016 09:56 AM
It sounds like you are utilizing a NAT that looks similar to the one I've screenshotted, but directly to one public IP. If that's the case, then you are likely hitting a session issue, as the Polycom software is going to try to open ports that you have not already started a session with, and the firewall doesn't know where to send those packets.
When utilizing video conferencing services, it's best to do a static NAT or PAT and build security policies around it. Just from past experience working with Polycom RealPresence, I can tell you that you are running into a port access issue. I'll look in my documentation and see if I still have what ports the software needed from the last time I worked with it. But most importantly, if you only have 1 public IP address and you can't separate this out, you'll likely never have a good experience without a PAT pointing things back to your RealPresence device.
12-13-2016 07:38 PM
Translation works fine on the device. Thanks
12-13-2016 07:41 PM
Created a static NAT (bi-directional) from my RealPresence private to 1 specific public address; will run another test later.
12-19-2016 08:01 AM
I'm not sure why you are raising this again? You said that you configured a static bi-directional NAT and would run some tests; what did you discover during your tests? With the static NAT, are you still experiencing the issue or not? If you remove the security policies from the NAT address and allow all traffic, does the issue go away or is it still present? And lastly, have you tried this on another network to make sure that this isn't an issue with your RealPresence install/settings?
12-23-2016 04:23 AM
I supported a similar setup a few years ago. Basically these systems create random high port streams to send the audio and video data. As you can see from your symptoms, the control is set up but some of these streams are blocked.
Option 1: get the ALG to work - the ALG is designed to recognize the needed ports are part of an approved session and open a pinhole for that traffic to come back into the firewall on these random ports. You need to know which system, H323 or SIP, your system is using. Then follow the policy setup instructions so the traffic can correctly hit the ALG.
Option 2: Open the wide range of ports - your system will designate a range of high ports for these streams to the device. If you can't get the ALG to work you will need to open the entire range of ports to permit in from untrust to your device the possible audio/video feeds. Find the configuration where this port range is set and create the inbound allow policy.
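Added example, not part of any reply in this thread: a Python check for the two failure modes discussed above, run against the SDP body of a SIP INVITE captured on the untrust side. It assumes the endpoint uses SIP with IP literals in `c=` lines; the addresses, port range, and function names are constructed for illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: SDP body of a SIP INVITE after NAT rewrote only the IP header.
SAMPLE_SDP = """v=0
o=- 1234 1 IN IP4 192.168.10.25
s=call
c=IN IP4 192.168.10.25
t=0 0
m=audio 40000 RTP/AVP 0 8
m=video 40012 RTP/AVP 96
"""

def parse_sdp_media(sdp):
    """Return [(media, port, ip)]; a media-level c= overrides the session-level c=."""
    session_ip, media = None, []
    for line in (l.strip() for l in sdp.splitlines()):
        if line.startswith("c="):
            fields = line[2:].split()
            if len(fields) < 3:
                continue  # malformed c= line, ignore it
            ip = fields[2].split("/")[0]  # drop an optional TTL suffix
            if media:
                media[-1][2] = ip
            else:
                session_ip = ip
        elif line.startswith("m="):
            fields = line[2:].split()
            media.append([fields[0], int(fields[1].split("/")[0]), session_ip])
    return [tuple(m) for m in media]

def audit_sdp(sdp, public_ip, port_range):
    """Return [(media, issue)] for streams the far end could not deliver through the firewall."""
    lo, hi = port_range  # inbound range allowed by the untrust -> trust policy (assumed)
    findings = []
    for kind, port, ip in parse_sdp_media(sdp):
        if ip is None:
            findings.append((kind, "no_connection_address"))
        else:
            addr = ipaddress.ip_address(ip)
            if any(addr in net for net in RFC1918):
                findings.append((kind, "private_address_in_payload"))
            elif ip != public_ip:
                findings.append((kind, "unexpected_address"))
        if not lo <= port <= hi:
            findings.append((kind, "port_outside_allowed_range"))
    return findings
```

A `private_address_in_payload` finding means the signaling payload was not rewritten (the ALG or the endpoint's own NAT setting is not doing it); `port_outside_allowed_range` means the inbound policy does not cover the media port the endpoint advertised.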