VTC Video Conferencing Rules for Palo Alto Firewall

If you have a Cisco Telepresence VCS Expressway, a legacy Tandberg Border Controller, or even an MCU behind a Palo Alto firewall, several application-based objects need to be in your outbound and inbound security policy:

  • rtp-base
  • rtcp
  • h.225
  • h.245
  • h.323
  • sip
  • rtp

Normally the logs will show which ports are being denied by the clean-up rule. Depending on the type of firewall, you might need to create an object with a certain UDP range. There are also cases where a VTC endpoint is configured to use static ports that are outside the range of the standard built-in protocols and applications. Making VTC sessions work behind a newly deployed firewall can be challenging at first. Simple trial and error and gathering firewall connection logs are key. I’d be careful about allowing a big range of ports in inbound firewall rules, though.
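One way to turn those clean-up rule denies into the narrowest port ranges worth allowing, as an added example that is not from the original post. The log columns, the rule name `cleanup-deny` and the addresses are assumptions on constructed data; map them to the fields of your own traffic-log export.

```python
import csv
import io
from collections import defaultdict

# Constructed sample, not real firewall output. Column names and the rule
# name "cleanup-deny" are assumptions for this example.
SAMPLE_LOG = """src,dst,proto,dport,rule,action
203.0.113.10,10.1.1.20,tcp,1720,cleanup-deny,deny
203.0.113.10,10.1.1.20,udp,50000,cleanup-deny,deny
203.0.113.10,10.1.1.20,udp,50001,cleanup-deny,deny
203.0.113.10,10.1.1.20,udp,50001,cleanup-deny,deny
203.0.113.10,10.1.1.20,udp,50002,cleanup-deny,deny
203.0.113.10,10.1.1.20,udp,50003,cleanup-deny,deny
10.1.1.20,203.0.113.10,udp,2326,cleanup-deny,deny
10.1.1.20,203.0.113.10,udp,2327,cleanup-deny,deny
10.1.1.20,203.0.113.10,tcp,5060,allow-vtc,allow
10.1.1.99,198.51.100.7,tcp,445,cleanup-deny,deny
"""

def collapse(ports):
    """Turn a set of ports into sorted, inclusive (start, end) ranges."""
    ranges = []
    for port in sorted(ports):
        if ranges and port == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], port)  # extend the current range
        else:
            ranges.append((port, port))         # start a new range
    return ranges

def denied_ports(log_text, endpoints, rule="cleanup-deny"):
    """Ports the clean-up rule denied for traffic to or from VTC endpoints."""
    seen = defaultdict(set)
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["rule"] != rule or row["action"] != "deny":
            continue  # only flows that fell through to the clean-up rule
        if row["src"] in endpoints:
            direction = "outbound"
        elif row["dst"] in endpoints:
            direction = "inbound"
        else:
            continue  # not VTC traffic, so it stays denied
        seen[(direction, row["proto"])].add(int(row["dport"]))
    return {key: collapse(ports) for key, ports in seen.items()}

if __name__ == "__main__":
    for key, ranges in sorted(denied_ports(SAMPLE_LOG, {"10.1.1.20"}).items()):
        print(key, ranges)
```

Only the ranges reported for the VTC endpoint become candidates for a rule; denies for other hosts are ignored, so the resulting object stays scoped to what the endpoint actually used.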

About the Author:

Amante Bustamante is the Senior Network and Security Consultant and the company's Chief Technology Officer. He is an expert in the design and operation of networking systems essential to supporting complex requirements. Amante Bustamante has over 15 years of technical IT experience with a specialization in network and network security integrations.