Lifesize® Icon™ Series 300/500/700

Last Updated: Mar 23, 2023

Firewall

This section explains how to configure your Lifesize video systems for firewall traversal as a stand-alone H.323/SIP device. 

  • If your Icon is connected to the Lifesize cloud-based service, refer to the online help available here.
Call setup and media ports
Restricting reserved ports

Placement behind a firewall

Lifesize recommends that you place your system behind a firewall. Use one of the following options:

DMZwithpublicIPaddressPlacing your video systems in the DMZ allows you to assign public IP addresses. This configuration makes it easier for your system to connect with public video systems on the Internet.
Private LAN with NATPlacing your video systems in the private LAN with Network Address Translation (NAT) obscures their private IP addresses, but makes calls with systems outside of your network more complicated.

Port Security

Lifesize Icon video systems are network devices that offer different services and protocols for different purposes. Not all of these should be accessible from outside of your organization or network, such as access to the administrative functions of the device or SSH terminal access. To maintain security and help prevent unwanted malicious exploitation or attack, at a minimum, Lifesize recommends blocking external or inbound access to the following ports:

  • 22 (SSH)
  • 80 (HTTP)
  • 443 (HTTPS)
  • 554 (RTSP)
  • 10008 (REST API service if UVC Manager manages your system)

Lifesize recommends that these ports remain open for internal administrator access. Ensure that you change the default administrator password to be secure.

NOTE: Change the administrator password in the web interface in Preferences > Passwords. You can disable SSH and web access on the system in Preferences > Security.

Refer to Anti-spam filtering for more information about preventing unsolicited and nuisance calls.