
Hi there.

 

First post and I hope that someone out there can help.

 

We have a reasonably complex environment across several sites for our VC systems.

 

At the major sites, we have recently moved the VC units (all Polycom of various vintages) into DMZs to improve security as we need to start using these devices with 3rd parties (up to now they have been used almost exclusively for internal meetings).

 

In general, we have no problem with traffic between the units in different DMZs. Our firewalls (Sonicwall NSA series) have been set up with the correct NAT rules, only necessary open ports and so on.

 

The endpoints themselves have been set up to use fixed ports, told that they are behind an H323 aware firewall with manual NAT and all is well, with the exception of 1 system.

 

Bizarrely, this one system will not accept incoming calls from any remote site; the endpoint indicates that a call has been initiated, but as soon as it is accepted, the message "Far site disconnected" shows on both endpoints and the call is dropped.

 

Packet captures indicate that the firewall on the initiator side drops packets in the 30,000 + port range on TCP.

 

Outbound calls from this unit have no problems at all.

 

My understanding is that as part of the call setup, the receiving endpoint tells the initiator which ports it can communicate on (from the 'allowed ports' setting) - in this case it looks like this one unit is asking to communicate on ports outside the standard fixed ports.

 

We have other endpoints in the same DMZ with the same settings (and most importantly inheriting the same set of NAT policies / firewall rules) which do not exhibit this behaviour.

 

The only difference that we can find between the unit with the problem and those without is the firmware level.

 

The 'working' units are at 2.6.1, the 'problem' unit is at 3.0.1.

 

Has anyone else experienced similar problems and, perhaps more importantly(!), has anyone found a fix?

 

Is it possible to DOWNgrade the firmware on an HDX 7000? Is this a sensible next stage of troubleshooting?

 

Thanks in advance,

 

Mark

 

PS - allowed ports:

 

Name                      Protocol  Start port  End port
H323 Call Signaling       TCP       1720        1720
T120 (Whiteboard+A43)     TCP       1503        1503
VC-AdditionalPorts-TCP    TCP       3230        3243
VC-AdditionalPorts-UDP    UDP       3230        3341
VC-AudioCallControl       TCP       1731        1731
VC-SIP-TCP                TCP       5060        5060
VC-SIP-UDP                UDP       5060        5060
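
An added example, not part of the original post: one way to confirm from a firewall log export which endpoint is being sent traffic on ports outside the allowed list above. The CSV layout, the addresses and the log lines are constructed for illustration and are not SonicWall's export format.

```python
import csv
from collections import defaultdict
from io import StringIO

# Allowed services from the post: (name, protocol, start port, end port).
ALLOWED = [
    ("H323 Call Signaling", "tcp", 1720, 1720),
    ("T120", "tcp", 1503, 1503),
    ("VC-AdditionalPorts-TCP", "tcp", 3230, 3243),
    ("VC-AdditionalPorts-UDP", "udp", 3230, 3341),
    ("VC-AudioCallControl", "tcp", 1731, 1731),
    ("VC-SIP-TCP", "tcp", 5060, 5060),
    ("VC-SIP-UDP", "udp", 5060, 5060),
]

# Constructed sample log (hypothetical CSV columns, documentation addresses).
SAMPLE_LOG = """\
time,action,proto,src,sport,dst,dport
10:01:02,allow,tcp,198.51.100.10,3231,203.0.113.20,1720
10:01:03,drop,tcp,198.51.100.10,3232,203.0.113.20,30412
10:01:03,drop,tcp,198.51.100.10,3232,203.0.113.20,30412
10:01:04,drop,tcp,198.51.100.10,3233,203.0.113.20,30415
10:05:10,allow,tcp,198.51.100.10,3231,203.0.113.21,1720
10:05:11,allow,tcp,198.51.100.10,3232,203.0.113.21,3235
10:05:12,allow,udp,198.51.100.10,3240,203.0.113.21,3300
"""

def matching_service(proto, port):
    """Return the name of the allowed service covering proto/port, or None."""
    for name, allowed_proto, low, high in ALLOWED:
        if allowed_proto == proto.lower() and low <= port <= high:
            return name
    return None

def out_of_range_by_endpoint(log_text):
    """Map each destination endpoint to the distinct (proto, port) pairs
    it was contacted on that fall outside the allowed table."""
    offenders = defaultdict(set)
    for row in csv.DictReader(StringIO(log_text)):
        port = int(row["dport"])
        if matching_service(row["proto"], port) is None:
            offenders[row["dst"]].add((row["proto"].lower(), port))
    return {dst: sorted(ports) for dst, ports in offenders.items()}

if __name__ == "__main__":
    for dst, ports in out_of_range_by_endpoint(SAMPLE_LOG).items():
        print(dst, ports)
```

Grouping by destination makes a single misbehaving unit stand out from others that share the same NAT policies and firewall rules.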
Accepted solution:

For info, this was resolved with an update to the latest firmware.

