I placed the VC unit on the DMZ and the unit still fails to register. I am not sure if I am missing a policy or if I even created the correct policies. This is what I did.
For the DMZ interface I gave it an ip of 192.168.5.1
DHCP Server range - 192.168.5.2 - 192.168.5.5
The VC unit picked up ip 192.168.5.2
Inbound rule
Incoming Interface - Centurlyink (wan1)
Outgoing Interface - DMZ (dmz)
Source All - (for now to test then I want to restrict it to what is only needed)
Destination - LIfesize Express
Schedule - Always
Service - All
Internal rule
Incoming Interface - Internal (lan)
Outgoing Interface - DMZ (dmz)
Source - DMZ(dmz)
Destination - Centurylink (wan1)
Schedule Always
Service All
These are the other docs that lifesize sent me.
https://www.lifesize.com/en/help/admin-console/get-started/configure-firewall/open-ports
Pages 39-42
Sticking the VCU on the DMZ is fine, but what you are trying to do is pretty much NAT - you will need to set up port forwards (from WAN to DMZ). In Fortinet speak, this is called VIPs. Also you really do not want to send any/all traffic hitting the WAN port and directing it to the DMZ port.
An example of port forwards is this old Polycom list from about eight years ago, on an 80CM running old firmware - the VCU was assigned a static IP 192.168.93.40. These VIPS were then placed in a group and used in the dest address of a WAN to LAN firewall rule.
The above was only used once and had we so much problems that we just ended up installing a small switch between the ISP gateway device and fgt and giving the VCU a "public IP" and connecting it to this switch.
