Traversing firewalls/NAT
By Jason Meserve, NetworkWorld.com, 02/11/05
It's been a good week for the videoconferencing industry four announcements (Tandberg, Polycom, VisualNexus and Jasomi/Radvision) for systems that deal with the firewall and NAT traversal issue that plagues H.323 IP calls. The main issue with H.323 is that it uses a number of ports to pass calls through the firewall. The ports used can differ from one call to the next, making it difficult for firewalls to handle securely. All the systems funnel the H.323 traffic into set ports, making it more suitable for passing through a firewall or NAT setup.
Leading off, Tandberg launched Expressway, a two-part system the requires an appliance in the DMZ and a software upgrade for the Tandberg MXP line. An MXP endpoint registers with a Border Gateway appliance and the work in-hand to pass traffic through just about any firewall. I can attest to this one. Tandberg gave me a demo of the product here at the NW World HQ, where our firewall is not H.323 friendly. The 1500 MXP they brought in connected to a Border Controller at Tandberg's office in Virginia and we were able to connect to a couple different folks at Tandberg. At our end, all the Tandberg folks did is plug in the device into our network.
Also on Monday, Polycom (Tandberg's chief rival) chimed in with their own firewall solution (coincidence?). The company has been working with Edgewater Networks on a system and the V2IU is the result. It will be Polycom branded and can work with just about any H.323-compliant endpoint. The V2IU sits along side the firewall, acting as a proxy for H.323 traffic. For connections between two locations with firewalls, you'll most likely need a V2IU at both ends, unless you've got an H.323-compatible firewall, such as Cisco's PIX. Polycom says it's taking orders for the V2IU, though a search of the Polycom site only brought up the press release.
VisualNexus' product is said to be similar to the Tandberg offering, according to Andrew Davis in the latest Wainhouse Research Bulletin. VisualNexus' system is dubbed Visual Nexus Secure Transport (VNST) and can pass all H.323 and T.120 traffic through port 80.
Finally, Jasomi and Radvision are working together to make firewall/NAT traversal a non-issue for SIP calls. The companies demonstrated an MCU with firewall traversal capability at this week's VoiceCon show.
SIP may have more features than H.323, but it still prone to the same problems when it comes to ports usage and firewalls. I am waiting for the day when an individual endpoint can call through a firewall securely, without the need for a separate appliance. Unfortunately, Davis says that is against the laws of physics. Polycom says it is working with standards bodies to make changes to the H.323 specification that could someday make it a little less "noisy" for firewalls. Until then, there are a number of new options available for making videoconferencing calls a little more firewall tolerant.
TrackBack
Back to The Multimedia Exchange
Comments
Post a comment
