Lifesize without cloud

Guide for using your Lifesize system without a cloud service


If you choose to place your video systems in a private LAN, you must use NAT to communicate with outside systems. This may include enabling static NAT on your Lifesize system. 

 

On your firewall, whether standalone or built in to your router, you must complete one of the following tasks: 

Use 1:1 NAT and open the call setup and media ports over that connection bidirectionally with an access list. 

UDP port 1719  Gatekeeper registration
TCP port 1720  H.323 call negotiation
UDP port 5060  SIP call negotiation
TCP port 5060  SIP call negotiation if TCP signaling is enabled for SIP calls
TCP port 5061 

TLS signaling in SIP calls if TLS signaling is enabled

 

 

NOTE: TLS is the only transport supported for encrypted calls

Required TCP
and UDP ports 

Range specified in Preferences > Network > Reserved Ports. 

Forward the call setup and media ports to your Lifesize system

UDP port 1719 Gatekeeper registration
TCP port 1720  H.323 call negotiation
UDP port 5060  SIP call negotiation
TCP port 5060  SIP call negotiation if TCP signaling is enabled for SIP calls
TCP port 5061  TLS signaling in SIP calls if TLS signaling is enabled

 

 

NOTE: TLS is the only transport supported for encrypted calls
Required TCP
and UDP ports
Range specified in Preferences > Network > Reserved Ports

Read more about restricting reserved ports and refer to your firewall vendor's documentation for more information. 

Enabling static NAT

NAT enables communication between devices on your LAN that have private IP addresses and devices that are accessed through a public IP network. Static NAT ensures that the same public IP address always maps to a system’s private IP address so that data from the public network intended for the private system can be routed to the system reliably.

 

If you are using static NAT to associate a public IP address with the private IP address of your Lifesize system, you must configure your Lifesize system to work with your static NAT server. From a browser, navigate to Preferences > Network and select Static NAT. Enter the public IP address, hostname, or fully qualified domain name of your system in NAT Public IP Address.

 

NOTE: You cannot upgrade the system from a web browser outside a firewall when static NAT is enabled. Instead, perform the upgrade from within the firewall. 

Testing your NAT envoironment

If your firewall does not employ a feature set that performs H.323 or SIP NAT, you must enable NAT on your private Lifesize system.

 

Place a call from a system on the Internet to your system in the private LAN. If your private system connects within the first 2 seconds after answering, your NAT configuration is working properly. If the call does not connect after answering and disconnects after 30 to 50 seconds, the reserved port settings on your codec do not match the settings on your firewall. Ensure that the system and firewall settings for UDP/TCP ports match.

 

If you still cannot place a successful call, you may have to disable the stateful packet inspection feature on the firewall. Some firewall vendors may call this feature dynamic packet filtering. Refer to your firewall vendor's documentation for more information.