Ppolycom units through untangle?

[Deleted member 12106]

Trying to get 2 units to talk to each other over the internet. I have both units configured to auto recive calls, and also the ports forwarded.

I cannot seem to get these to work, unsure it it may be an UT issue or not.

 

[YeOldeStonecat]

What software is being used for the calls?

 

[Deleted member 12106]

the units themselves. Trying to get them to call each other over the internet. Had one in the bosses office the other day watching him/lipping off but no dice over the internet

 

[Arch]

Polycom endpoints are going to use either H.323 or SIP for calls. Untangle, or any Linux distro as far as I know, is not capable of doing H.323 or SIP fixup to change the embedded IP addresses within the H.323 or SIP messages to the external IP address. Do the Polycom endpoints has a STUN or option for your to configure the external address?

 

[DeChache]

If you want to try to dial out to a unit with a public address shoot me an PM and we can work something out for tomorrow. When I'm at work.


Usually with the units behind firewall I have to have them dial out to me. I've never had mine behind a firewall

 

[Captain Colonoscopy]

Might have to setup some bypass rules for the voice stuff. I seem to remember having to do that for a client that was using IP phones over a site-to-site VPN tunnel.

 

[Deleted member 12106]

I forwarded the ports required for the unit, I believe ports 3229-3237 is what the manual said.

Both UDP and TCP are forwarded.

 

[Nate7311]

The last time I had to setup Polycom's, it was a 5000 and we had some issues geting it to speak to the outside world. In my case it turned out to be a defective unit, but Polycom tech support was WONDERFUL! They have an open loopback and callback feed to the world for exactly the kind of testing it sound like you are trying to do. As I recall, their Tech support had me forward more than the standard ports, but I'll have to dig throuh old notes to find that. I'd give them a call, especially if they are new units!

 

[Deleted member 12106]

these units where end of life /discontinued units. I might have a 5000 unit. ill check when I get back to the office.

 

[Nate7311]

Try this IP: 140.242.250.200 I pulled it off of Polycom's website. I'm pretty sure this is the one I used for testing.

http://www.polycom.com/support/documentation/video_test_numbers.html

Also if memory serves to test incoming commection, you can use "Netmeeting" and a webcam. I know it's old-school, but uses a standard h.323, haven't kept up to see what other programs are compatibly with the Polycoms.

 

[DeChache]

Don't know if this will help or not but a port scan of one of my units shows these ports as open. I know port 80 is used for web administration on mine.

80/tcp open http
443/tcp open https
990/tcp open ftps
993/tcp open imaps
1720/tcp open H.323/Q.931
5001/tcp open commplex-link

 

[Nate7311]

To further the previous poster, this is my forwarded port list specifically to the Polycom:

TCP: 1503,1718-1720, 1731, 3230 - 3253
UDP: 3230 - 3253

 

[Destonomos]

5060 is used for sip so I would make sure that is open as well. If you need a SIP provider, I just happen to work for one so PM me if needing service

Never messed with Untangle, does it have any SIP ALG stuff like sonicwalls do? That will mess with transmission and registration with a pbx as well. On a side note, why polycom? Their firmware update process is less than user friendly.

 

[DeChache]

On a side note, why polycom? Their firmware update process is less than user friendly.

I've never had a problem updating any of my units what kind of problems did you run into

 

[Deleted member 12106]

990, 993, 1720, 5001, 1718-1720, 1731, 3230-3253, 5060, these are all forwarded.

 

[Proactivens]

Your going to need to go to networking>advanced>bypass rules and create a bypass rule to prevent Untangle from scanning the phone traffic. Ensure you have created both firewall rules to allow the traffic and port forwards to redirect it.

 

[Deleted member 12106]

Your going to need to go to networking>advanced>bypass rules and create a bypass rule to prevent Untangle from scanning the phone traffic. Ensure you have created both firewall rules to allow the traffic and port forwards to redirect it.

So whatever I have in my port forwards needs to be in the bypass rules?

 

[Proactivens]

Bypass rules tell Untangle to not run the traffic through the UVM. Untangle scanning will add latency, so you need to bypass it so that you dont have latency issues. Bypass rules should be formatted by protocol, destination port, and source interface.

Source interface: internal, external
Protocol: TCP or UDP
Destination port: XXXX

Thats all you need. You can specify port ranges, so if your trunk requires 5060 and 10001-20000 like my callcentric trunks do, then you can specify destination port 10001-20000 and it will work. So really, you should only need a hand full of bypass rules.

 

[Deleted member 12106]

I am using netmeting from work to try to hit the unit at home. It isnt working. I am also not able to hit one of the test ip's with this.

 

[Deleted member 12106]

I can hit the test site from home, but I cannot get both units to hit each other unless they are on the same lan/vpn.

Can't hit the test site from the other end.

Bypass rules are set and port forwards are set.

I am going to double check how the units are configured.