What firewall changes do I need to make to use this service?

VC-Connect Endpoint Firewall Requirements

Because of the way our secure video network is implemented, a few firewall rules may be required, depending on your network configuration, to allow communication with the VC-Connect infrastructure. This is to provide our customers with the best technology on the market.

What this means to you

To take full advantage of our service, we MAY require you to make some changes to your firewall so that your current hardware/software can communicate with our Firewall Traversal Servers. Please note that many firewalls work without any modification at all.

If you wish to test your firewall before deploying our managed video service, call test@dial.vc (more instructions here). You’ll be prompted to speak “1…2…3”, and the recording will loop back to you. If you can see and hear it, you’re good to go.

What addresses and ports does video conferencing use?

The firewall port requirements are listed below. To provide resiliency, we require you to open ports to multiple addresses.

VC-Connect address ranges

North America
38.117.72.0/24
185.135.210.0/24

United Kingdom
212.46.142.0/24
185.135.208.0/24
91.244.117.0/24

Hong Kong
64.138.14.224/27
91.233.183.0/24

Note: We provide ranges rather than specific IPs as we may dynamically increase or decrease the size of the video infrastructure estate.

Complete Firewall Port List

The complete list of ports required to enable the VC-Connect service is below. Should you require information on the individual protocol requirements, please see the next section for a breakdown of services.

Inbound (to VC-Connect)

| Protocol | Source-Port | Dest-Port | Description | Device |
| --- | --- | --- | --- | --- |
| TCP | | 80 | HTTP | Web browser / API interface / Skype for Business / Lync system (for conference avatar) |
| TCP | | 443 | HTTPS | Web browser / API interface / VC-Connect mobile client / Outlook client/add-in (VMR scheduling) |
| TCP | | 1720 | H.323 (H.225 signaling) | Endpoint / call control system |
| TCP/UDP | | 5060 | SIP | Endpoint / call control system |
| TCP | | 5061 | SIP/TLS | Endpoint / call control system |
| TCP | | 33000-39999 | H.323 (Q.931/H.245 signaling) | Endpoint / call control system |
| TCP/UDP | | 40000-49999 | RTP / RTCP / RDP / VbSS / DTLS / RTMP / STUN / TURN | Endpoint / call control system / Skype for Business / Lync system / VC-Connect |
| UDP | | 1719 | H.323 (RAS signaling) | Endpoint / call control system |

Conference Node - Inbound Ports

Outbound (from VC-Connect)

| Protocol | Source-Port | Dest-Port | Description | Device |
| --- | --- | --- | --- | --- |
| TCP | 33000-39999 | 1720 | H.323 (H.225 signaling) | Endpoint / call control system |
| TCP/UDP | 33000-39999 | 5060 | SIP | Endpoint / call control system |
| TCP | 33000-39999 | 5061 | SIP/TLS | Endpoint / call control system |
| TCP | 33000-39999 | | H.323 (Q.931/H.245 signaling) | Endpoint / call control system |
| TCP/UDP | 40000-49999 | | RTP / RTCP / RDP / VbSS / DTLS / RTMP / STUN / TURN | Endpoint / call control system / Skype for Business / Lync system / Infinity Connect |
| TCP | 40000-49999 | 1935 | RTMP | RTMP streaming server |
| UDP | 40000-49999 | 19302-19309 | SRTP | Google Hangouts Meet |
| TCP (TLS) | 55000-65535 | 443/8057 | PSOM (PowerPoint presentation from SfB/Lync) | SfB/Lync Web Conferencing service |
| TCP (TLS) | 55000-65535 | 443 | HTTPS (PowerPoint presentation from SfB/Lync) | SfB/Lync Front End Server or Edge Server and WAC/OWA/OOS server |
| UDP | 33000-39999 | 1719 | H.323 (RAS signaling) | Endpoint / call control system |
| UDP | 40000-49999 | 3478 | STUN / TURN | STUN / TURN server |

Conference Node - Outbound Ports

Defined Services Firewall List

SIP Proxies

Please ensure that the correct ports are open depending on the video conferencing system you are using. There are different port requirements for SIP depending on what signaling method your system is using. The media requirements are the same regardless of the signaling method. Note these outbound exceptions are required to establish a UDP/TCP session. There are absolutely no inbound pinholes required.

| Function | Port(s) | Type | Direction |
| --- | --- | --- | --- |
| SIP Signalling (TLS) | 5061 | TCP | Host --> VC-Connect |
| SIP Signalling (TCP) | 5060 | TCP | Host --> VC-Connect |
| SIP Signalling (UDP) | 5060 | UDP | Host --> VC-Connect |
| Media (RTP) | 2776 | UDP | Host --> VC-Connect |
| Media (RTCP) | 2777 | UDP | Host --> VC-Connect |
| Media | 40000-54999 | UDP | Host --> VC-Connect |

H323: Using Assent Firewall Traversal

If your video conference system supports Assent traversal, you MAY need to open the ports below in order to register to our firewall traversal server.

| Function | Port(s) | Type | Direction |
| --- | --- | --- | --- |
| Gatekeeper RAS | 1719 | UDP | Host --> VC-Connect |
| Call Signalling | 2776 | TCP | Host --> VC-Connect |
| Media (RTP) | 2776 | UDP | Host --> VC-Connect |
| Media (RTCP) | 2777 | UDP | Host --> VC-Connect |
| Q931/H245 Signalling | 33000-39999 | TCP | Host --> VC-Connect |
| Media | 40000-54999 | UDP | Host --> VC-Connect |

H323: Using H.460.18/19 Firewall Traversal (used by all Polycom/Lifesize devices)

If your video conference system is not a Cisco Telepresence device and supports H.460.18/19 firewall traversal, you will need to open the ports below in order to register to our firewall traversal server.

| Function | Port(s) | Type | Direction |
| --- | --- | --- | --- |
| Gatekeeper RAS | 1719 | UDP | Host --> VC-Connect |
| H.225 Protocol | 1720 | TCP | Host --> VC-Connect |
| H.245 Protocol | 2777 | TCP | Host --> VC-Connect |
| Q931/H245 Signalling | 33000-39999 | TCP | Host --> VC-Connect |
| Media (RTP) | 2776 | UDP | Host --> VC-Connect |
| Media (RTCP) | 2777 | UDP | Host --> VC-Connect |
| Media | 40000-54999 | UDP | Host --> VC-Connect |

Browser-based Video Calling (a.k.a. WebRTC)

We offer browser-based video calling – all major browsers are supported. This is typically known as WebRTC, but we offer more than that, as WebRTC is limited to Google Chrome, Firefox and Opera. We also provide service to any browser that supports Adobe Flash. To allow this feature to work, the following ports will need to be opened:

| Function | Port(s) | Type | Direction |
| --- | --- | --- | --- |
| STUN/TURN Media | 3478 | UDP | Host --> VC-Connect |
| Media | 40000-49999 | TCP | Host --> VC-Connect |
| Media | 40000-49999 | UDP | Host --> VC-Connect |
| HTTP | 80 | TCP | Host --> VC-Connect |
| HTTPS | 443 | TCP | Host --> VC-Connect |
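
As an added example (not VC-Connect's own code), the Python below encodes this page's address ranges and the four Defined Services tables as a destination-scoped outbound allowlist, checks constructed sample flows against it, and prints equivalent nftables commands. The profile names and the `inet filter forward` chain are assumptions.

```python
import ipaddress

# Address ranges copied from the "VC-Connect address ranges" list on this page.
VC_CONNECT = [ipaddress.ip_network(n) for n in (
    "38.117.72.0/24", "185.135.210.0/24",                      # North America
    "212.46.142.0/24", "185.135.208.0/24", "91.244.117.0/24",  # United Kingdom
    "64.138.14.224/27", "91.233.183.0/24",                     # Hong Kong
)]

# Host --> VC-Connect ports per "Defined Services" table, as proto: "port list".
# The profile keys (sip, assent, h460, webrtc) are names chosen for this example.
PROFILES = {
    "sip":    {"tcp": "5060-5061", "udp": "5060, 2776-2777, 40000-54999"},
    "assent": {"tcp": "2776, 33000-39999", "udp": "1719, 2776-2777, 40000-54999"},
    "h460":   {"tcp": "1720, 2777, 33000-39999", "udp": "1719, 2776-2777, 40000-54999"},
    "webrtc": {"tcp": "80, 443, 40000-49999", "udp": "3478, 40000-49999"},
}

def port_ranges(spec):
    """Parse "5060, 2776-2777" into [(5060, 5060), (2776, 2777)]."""
    out = []
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        out.append((int(lo), int(hi or lo)))
    return out

def allowed(profile, proto, dst_ip, dst_port):
    """True if an outbound flow matches the page's rules for this profile."""
    addr = ipaddress.ip_address(dst_ip)
    if not any(addr in net for net in VC_CONNECT):
        return False  # destination is outside the published ranges
    spec = PROFILES[profile].get(proto.lower(), "")
    return bool(spec) and any(lo <= dst_port <= hi for lo, hi in port_ranges(spec))

def nft_rules(profile, chain="inet filter forward"):
    """Emit nftables commands; the table/chain name is an assumption."""
    dsts = ", ".join(str(n) for n in VC_CONNECT)
    return [f"add rule {chain} ip daddr {{ {dsts} }} {proto} dport {{ {ports} }} accept"
            for proto, ports in PROFILES[profile].items()]

if __name__ == "__main__":
    # Constructed sample flows: (profile, proto, destination IP, destination port).
    for flow in [("sip", "udp", "64.138.14.230", 5060),
                 ("sip", "udp", "64.138.14.200", 5060),   # just below the /27
                 ("webrtc", "udp", "185.135.208.10", 54000)]:
        print(flow, "allow" if allowed(*flow) else "drop")
    print("\n".join(nft_rules("sip")))
```

Because every rule here is outbound only, return traffic depends on the firewall being stateful (in nftables, an existing `ct state established,related accept` rule).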

Key

Please see below explanations of the direction column (where applicable):

| Direction | Explanation |
| --- | --- |
| Host <--> VC-Connect | Ports need to be opened inbound and outbound to/from your VC endpoint and VC-Connect |
| Host <-- VC-Connect | Ports need to be opened inbound to your VC endpoint from the VC-Connect address ranges |
| Host --> VC-Connect | Ports need to be opened outbound from your VC endpoint to the VC-Connect address ranges |
| VC-Connect --> Host | Ports need to be opened inbound to your VC endpoint from the VC-Connect address ranges |

Finally, if you have any problems, please feel free to contact our support team via one of the following methods:

Email Address: support@uci2i.com

Video Address: support@uci2i.com

Support Help Centre: https://support.uci2i.com/hc

Telephone: +442038418555 (EMEA) or +852 3008 4422 (APAC)