Not applicable

Problems with Video Conferencing

Problem

We get connection, a call is established, but no audio or video passes. Same result with call initiated by either end.

I've tried setting up what is in the Fortigate Tech Note "H.323 Support", Direct Call Scenario 3: NAT/Route mode, NAT enabled and virtual IP required.

Pieces and parts
FG 400 FW 2.80, build456
Polycom iPower 9800

Current Firewall Policies
Int > Ext: Source – Internal-iPower, Destination – External-All, Always, H323, Accept, NAT Dynamic Pool
Ext > Int: Source – External-All, Destination – Internal-iPower (Virtual IP), Always, H323, Accept, No NAT

What am I missing, or doing wrong? Do I need to create a custom “Video Conferencing” service or a group that includes more ports? Also how does H.264 differ from H.323, with regards to the firewall?

Thanks
In the dark
Mark
BigE
New Contributor

I have been trying to run a video conf through IPSec and have not had very good results. Fortigate 200 2.8 mr8 and Fortigate 100a mr7 on each side of the link. Actually, the 200 crashes when the 100a side picks up the con call.
Erick
BigE
New Contributor

The 200 is crashing when connecting to any other camera. It looks like the CPU gets cranked up too high and the 200 stops sending or receiving any traffic. It may be too busy so I am going to look through my rules.
Erick
Not applicable

I tried both sites and got the same result I get with every site, connection, but no audio and video. I can check the call stats on my iPower and the connection is active, but no display or sound.

A couple questions. (Sorry if they’re basic, but I just want to eliminate possibilities)

It shouldn’t matter that everything coming back in comes to our global public NAT address… correct? Since the session is initiated by the iPower the correct packets will get back to the iPower. The only time the virtual IP is used, is when a call is initiated from the outside in?

My policies are set up just like the Fortigate whitepaper on “Support for H.323”, EXCEPT the Virtual IP is on the external interface. If you set it up on the internal interface it never shows up.

The FortiGate unit is operating in NAT/route mode with NAT enabled. For Terminal A (inside) to be able to call Terminal B (outside), you require the following:
• an internal -> external policy to allow Terminal A to initiate connections with Terminal B. Enable NAT. Set service to H.323

For Terminal B to be able to call Terminal A, you require the following:
• a virtual IP on the internal interface
• an external -> internal policy to allow Terminal B to initiate connections with Terminal A. Set the destination address to the virtual IP address. Set service to H.323.

If someone wants to test hitting us from the outside, shoot me an e-mail offline

Thanks
MBJ
BigE
New Contributor

You may need to make sure there are no vendor specific ports that also have to be added. For example, the dlink product requires 1720/Netmeeting and not the full H.323 scope then it also requires a block of ephemeral ports that are specific to Dlink's application. I have successfully gotten the videoconferencing to work in the past on a Fortigate using NAT but for some reason this video cam has been problematic. Also, the Fortigate unit will 'assume' that your outgoing traffic from your LAN IP should use the NAT mapping when going to the Internet.
Erick
Not applicable

OK. I have to say, I'm an idiot! I set the priority to high on the Policy allowing H.323 traffic. I didn't specify an amount or any values. Therefore, H.323 was allocated no bandwidth. All testing after correcting that worked fine. What a day!
BigE
New Contributor

Upgraded to MR10 and now videoconferencing works. There are H.323 issues in MR7, 8, and 9 but they are fixed in 10.
Erick