AnsweredAssumed Answered

Explain "Symmetric UDP is required" when configuring a firewall for Lifesize Cloud

Question asked by bgg Partner on Mar 4, 2015
Latest reply on Mar 4, 2015 by mmoszynski

Consider the following example customer setup:

 

  • An internal subnet of 192.168.1.0/24
  • Host A: ICON 600 #1 at IP 192.168.1.1 (behind a customer firewall)
  • Host B: ICON 600 #2 at IP 192.168.1.2 (behind a customer firewall)

 

Since we are discussing symmetric UDP we find from http://www.lifesize.com/cloud-help/advanced-topics-ports.html that the destination ports at Lifesize Cloud is in the range 10000-16000.

 

Example 1:

Host A communicates outgoing through the customer firewall:  internal-IP-A:internal-port-A gets NATed to external-IP-A:external-port-A and connects to Lifesize Cloud

Host B does this too: internal-IP-B:internal-port-B gets NATed to external-IP-A:external-port-B. Notice that the same IP as for Host A is used, just a different external port.

 

Example 2:

Host A communicates outgoing through the customer firewall:  internal-IP-A:internal-port-A gets NATed to external-IP-A:external-port-A and connects to Lifesize Cloud

Host B does this too: internal-IP-B:internal-port-B gets NATed to external-IP-B:external-port-B.

In this example, each ICON passing the customer firewall outgoing gets mapped to its own unique IP-address.

 

I assume that one of the above examples is what you refer to as Symmetric UDP, is this correct?

If so - which one?

Outcomes