TECHNICAL NOTE Firewall, NAT & Web Proxy Traversal for VidyoConferencing Solutions

www.vidyo.com 1.866.99.VIDYO

2009 Vidyo, Inc. All rights reserved. Vidyo is a registered trademark and VidyoConferencing, VidyoDesktop, VidyoGateway, VidyoPortal, VidyoProxy, VidyoRoom, VidyoRouter and VidyoTechnology are trademarks of Vidyo, Inc. All other trademarks are the property of their respective owners. All specifications subject to change without notice, system specifics may vary.
TN_0209_PROXY_US

Vidyos Fire ewall, N and Web Pr NAT roxy Tra aversal S Solution n
Overcoming dep ployment barriers secur rely and effectively
Utilizing the interne to gain cost efficiencies is a significant advantage of the VidyoC et Conferencing solution. ersing compan firewalls, N ny NATs and Web Proxies can pose a chall n lenge, particu ularly if you do have ont Trave contro over the firewall, or your company po ol r olicy prevents you from ope ening the necessary ports for VidyoConferencing signaling and traffic. Vidy proxy solution was dev g yos veloped to address this challenge, rely secur and effectively. Vidyos proxy solut is comprised of client a server so tion and oftware components. The s server component es yoRouter app pliance and is included wit the purchase of the Vidy s th yoRouter. The client e reside on the Vidy component is inclu uded with the VidyoDesktop purchase a resides o the same endpoint devic p and on ce.

Vidyo Solutions for Firewalled Network o ks

VidyoDesktop V VidyoDesktop V Software Client

VidyoRouter Software S

VidyoProxy Client

Vid dyoDesktop negoti iates UDP ports s with VidyoRouter h

V idyoProxy Server

Internet

Firew with UDP Port Range Opened wall U

VidyoDesktop V Client

VidyoRouter Software S

VidyoProxy Client

VidyoProxy V tunne on port 443 els

V idyoProxy Server

Firew with UDP Ports Closed wall U s

Technical N Note: Firewall & NAT Traversal for VidyoConferencing g

Page | 2

Key Features and Functions of Vidyos Proxy Solution

For implementations where the necessary range of UDP ports are opened on the company network, the VidyoDesktop client uses industry standard ICE/STUN to negotiate UDP ports directly with the VidyoRouter. These same protocols are employed for NAT traversal. For implementations where the UDP ports are closed on the company network, Vidyos proxy solution overcomes these blocking issues in a secure fashion by tunneling on port 443 using industry standard TCP. The VidyoDesktop is able to auto-detect if firewall blocking is taking place and automatically switch to Vidyos proxy configuration as needed. If the firewall configuration is known, auto-detection can be easily overridden. Vidyos proxy client software is included with the VidyoDesktop application and the proxy server software is included with the VidyoRouter application. The same proxy client and server software modules are also able to traverse Web Proxies. While no additional hardware is necessary to implement the proxy solution, the proxy server software may be run independently on a separate VidyoRouter appliance to optimize performance for cases where the appliance running the VidyoRouter application is not in close proximity to the internal company network. Please note that Vidyos proxy solution is not currently supported on VidyoRoom endpoints.

Conclusion
We hope that this information will help simplify your VidyoConferencing deployment in environments where firewalls, NATs and web proxies come into play. For more information or additional ideas on how to address your deployment concerns, please contact your local Vidyo sales engineer.

For more information: www.vidyo.com/1.866.99.VIDYO

Technical Note: Firewall & NAT Traversal for VidyoConferencing

Page | 3