Day 7: Working with Your Firewall Traversal Unit

This post continues our 20 Day Challenge to understand the technical aspects of videoconferencing.

Last week we discussed the two main ways to make videoconferencing work on your network. In today’s post, we look a little closer at the firewall traversal solutions.

Firewall Traversal

As a reminder, a firewall traversal box sits on the edge of the network, usually beside the firewall. Video traffic goes through the traversal box, and regular traffic goes through the firewall.

Some choices for this product include:

Benefits

The main reason to acquire a firewall traversal system is to securely pass video traffic through the firewall without reconfiguring your network.

Challenges

The main challenge of firewall traversal units is the problems it causes for receiving calls from other schools and content providers who aren’t on your network.

Working Around the Dialing Challenges

So, let’s say that your network has a firewall traversal unit and you can’t set up your videoconferencing any other way. Here are some tips for managing the dialing problems that will arise in regular use of curriculum videoconferencing. These dialing challenges are due to the necessity of receiving calls from off your network. Unfortunately some vendors and resellers continue to be stuck in the mode of thinking of a closed network, and provide advice to schools that doesn’t apply when they need to receive calls from other schools around the world.

Dial Out
First, realize that in most cases, you may need to dial out to the other site you want to connect to. Generally this isn’t a problem for connecting to content providers, most of whom are set up to receive a call to a direct IP address. However, as more schools use this method to set up videoconferencing, you may find schools you want to connect to who are also set up as dial out only; which means you may not be able to connect to them without using a bridge for you both to dial into.

Dialing Philosophies
Second, realize that Polycom and LifeSize prefer the IP##alias format; and Cisco-TANDBERG prefers the alias@IP or name@domain format. Because the standard isn’t well enough defined here, it leaves room for different implementations.

Polycom
If you have the Polycom Video Border Proxy (previously called V2IU), here are some tips:

  • Make sure it has the setting to translate the @ sign to a # sign. This will make it easier for Tandberg systems to call you.
  • If a newer Polycom system is calling you, they usually can dial the IP##alias format.
  • If a Tandberg system is calling you, have them dial the alias@IP format. (However, older Tandberg remotes do not have the @ sign easily accessible. If they are unable to use their web interface or address book for dialing, you may still have to dial out only to Tandberg sites.)
  • If a LifeSize system is calling you, they can do the IP##alias format.

If none of these work, you’ll have to call the other site or connect through a bridge.

Cisco-TANDBERG
If you have the Cisco-Tandberg Border Controller, here are some tips:

  • Polycom systems can dial the IP##alias format.
  • If a Tandberg system is calling you, have them dial the alias@IP format. (However, older Tandberg remotes do not have the @ sign easily accessible. If they are unable to use their web interface or address book for dialing, you may still have to dial out only to Tandberg sites.)
  • If a LifeSize system is calling you, they can do the IP##alias format.

If none of these work, you’ll have to call the other site or meet on a bridge.

LifeSize
If you have a LifeSize unit behind the LifeSize Transit, here are some tips:

  • Polycom systems can dial in using the IP##alias format.
  • Tandberg systems can dial in using the alias@IP format.
  • LifeSize can dial in using the IP##alias format.

If none of these work, you’ll have to call the other site or meet on a bridge.

References

Your Turn

  • These notes are based on our experiences connecting to schools around the country. If you have further insight to add, please comment!

Team-written by Janine Lim, Shane Howard, and Roxanne Glaser with input from Lori Colwill. The opinions expressed in these posts are based on our collective video conference experience connecting classes across multiple networks to connect them to zoos, museums, experts and other classes during the past 10 years. This series of posts reflects our usage and understanding, not that of any vendor or manufacturer. No one is paying us to write these. We are just sharing what we have learned.

3 replies on “Day 7: Working with Your Firewall Traversal Unit”

  1. Mike says:

    I’m at a hospital where we have a dozen endpoints and only allow outbound calls. I am interested in a border controller/proxy. We have Polycom endpoints and would like to know the pros/cons of Tandberg Border Controller vs. Polycom Video Border Proxy.
    Any help?
    Thanks,
    Mike

    • Janine Lim says:

      Mike, based on our experiences, we don’t recommend crossing vendors with endpoints and border proxys. Use the same kind as you have endpoints. You’ll have a more stable implementation.

  2. […] Firewall Traversal Units Day 7: Working With Your Firewall Traversal Unit […]

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.