Firewall
This section explains how to configure your Lifesize video systems for firewall traversal as a stand-alone H.323/SIP device.
- If your Icon is connected to the Lifesize cloud-based service, refer to the online help available here.
Placement behind a firewall
Lifesize recommends that you place your system behind a firewall. Use one of the following options:
| DMZwithpublicIPaddress | Placing your video systems in the DMZ allows you to assign public IP addresses. This configuration makes it easier for your system to connect with public video systems on the Internet. |
| Private LAN with NAT | Placing your video systems in the private LAN with Network Address Translation (NAT) obscures their private IP addresses, but makes calls with systems outside of your network more complicated. |
Port Security
Lifesize Icon video systems are network devices that offer different services and protocols for different purposes. Not all of these should be accessible from outside of your organization or network, such as access to the administrative functions of the device or SSH terminal access. To maintain security and help prevent unwanted malicious exploitation or attack, at a minimum, Lifesize recommends blocking external or inbound access to the following ports:
- 22 (SSH)
- 80 (HTTP)
- 443 (HTTPS)
- 554 (RTSP)
- 10008 (REST API service if UVC Manager manages your system)
Lifesize recommends that these ports remain open for internal administrator access. Ensure that you change the default administrator password to be secure.
NOTE: Change the administrator password in the web interface in Preferences > Passwords. You can disable SSH and web access on the system in Preferences > Security.
Refer to Anti-spam filtering for more information about preventing unsolicited and nuisance calls.