Video conferencing devices like Polycom or Tandberg hardware, or even Polycom or Tandberg software that runs on a PC or MAC, requires that a wide range of ports be forwarded into that computer, as well as special settings made in the software for it to function behind a NAT device. The two endpoints negotiate between themselves for what ports to connect on and what IP addresses to connect to. Therefore, this requires a dedicated outside IP address and address forward in the firewall, a firewall rule in SecureSchool to allow the device to connect out, plus a configuration change in the video conferencing device itself.
SecureSchool, ISBossBox, LibraryDoor
Adding an outside IP address
The first thing that's needed is the new dedicated Outside IP Address. Go to "Setup" -> "Secondary IP Addresses" -> "Add a new Secondary IP Address...".
- Add "Video Device" in "Secondary IP Address Name".
- In "For Interface" select "Outside Interface".
- For "IP Address", enter an available IP address that you have been assigned by your ISP. If you do not have or know one, stop now and call your ISP.
- For the "Netmask", enter "255.255.255.255" if this IP address is in a subnet that is already setup on SecureSchool.
- Once you click add, you'll have a screen listing all the outside IP addresses.
Adding an address forward
Next, you need to add the address forward. Go to "Firewall" -> "Address Forwarding" -> "Add Forwarded IP Address".
- For the name, enter something meaningful to you.
- For the Inside IP Address, enter the IP address of the video conferening device or computer.
- For the Outside IP Address, select the IP address you just added.
- Enter any notes you would like.
- Click on Submit
You'll then be presented with a list of your address forwards, including the one you just added.
SecureSchool is now ready, and you can click on "Commit Changes" and restart to finish up your work here. Next, you need to make some setting in the video conferencing device. Since every device and software is different, here's a short list of what you have to verify and/or change
- Make sure the device has it's default gateway set to be SecureSchool. If the device is on a different subnet and has to go through a router, make sure that router has it's default gateway set to SecureSchool.
- Somewhere in the software of the device (or software's settings), there will be a spot for "External IP Address", "NATed IP Address", "Public IP Address", "Translated Address", or something similar. This needs to be set to the Outside IP Address you setup the address forward for in SecureSchool.
Creating the Firewall Rule
Go to the "Firewall" tab and click on "Add A Rule". Fill in the form with the following data:
- Rule Name: A descriptive name for this rule
- Type: "Allow"
- Protocol: "All"
- Direction: "All Inside Interfaces"
- Source Address: Type: "IP Address", then enter the IP address of the videoconferencing device
- Destination Address: Type: "Any"
- The Dangers of an Address Forward