VTC Video Conferencing Rules for Palo Alto Firewall - Ashburn Consulting LLC

Blogs

VTC Video Conferencing Rules for Palo Alto Firewall

Sep
24
2015

VTC Video Conferencing Rules for Palo Alto Firewall

If you have a Cisco Telepresence VCS Expressway or a legacy Tandberg Border Controller or even an MCU behind a Palo Alto Firewall there are several Application based objects needed to be in your Outbound and Inbound Security policy.

  • rtp-base
  • rtcp
  • h.225
  • h.245
  • h.323
  • sip
  • rtp

Normally the logs will show which ports are being denied by the clean up rule. Depending on the type of Firewall, you might need to create an object with a certain udp range. There are also cases where a VTC endpoint is configured to use static ports that’s out of range from the standard protocols and applications built in. Making VTC sessions work behind a newly deployed Firewall can be challenging at first. Simple trial and error and gathering firewall connection logs is key. I’d be careful allowing a big range of ports though to Inbound Firewall rules.