Hiya,
We've just had a guy in from a reseller to demo vPointHD for us. He emailed the necessary ports to be allowed through before his arrival so I got these pre-configured.
For completeness' sake, we used his iPad running a Polycom client for testing purposes.
Basically it would not work unless we allowed both the vPointHD and Polycom protocols both inbound and outbound.
So on this premise every time we wanted to engage in a video conference call with someone, we would have to ask what system they use and then configure TMG to suit.
He is under the impression that only TCP port 1720 is required to initiate the call, along with 5004-6004 TCP/UDP for control and voice/video. The handshaking then works out what ports each system uses and allows them through automatically. He also said it's the first time he's come across this problem, and funnily enough the first time he has even heard of ISA/TMG.
So what is TMG doing to stop this from mutually working without having each manufacturer's port ranges manually configured, and how do I fix it?
Enabling the H.323 app filter made no difference. In the firewall log I can see this pattern on inbound calls:
1720 TCP Initiated connected
1720 TCP Closed connection (straight away)
1720 TCP Denied connection
All from the same source/destination IP;
iPad 3G IP: x.x.x.x:32xx (with 32xx being Polycom's port range)
Internal IP: x.x.x.x:1720 (which is allowed)
I have one rule for outbound and a separate non-WP rule for inbound.