TCP and UDP Ports Required to be Open When Using XProtect WebRTC

Please confirm if my understanding is correct regarding the necessary features and port numbers to be opened when using XProtect WebRTC under the following conditions.

Conditions:

TURN/STUN servers are not used because the WebRTC connection is established from the same network segment.

Required Features and Port Numbers to be Opened

  • For REST API:
    • 80/tcp or 443/tcp
  • For STUN/DTLSv1.2/RTP/RTCP Communication:
    • UDP dynamic ports (range: 49152–65535)

Best Regards.

Here’s an additional question.

Opening UDP dynamic ports (49152-65535) in a firewall should be avoided due to security risks.

If it is necessary to open UDP dynamic ports (49152-65535), please also provide countermeasures to mitigate the associated risks.

Hey Kouzou,

For WebRTC to work, outgoing UDP traffic on ports 49152–65535 must be allowed. If you cannot allow incoming traffic on those ports, you should add a STUN server to your environment. This will help clients establish a connection through the firewall (unless it is a symmetric NAT firewall). With a symmetric NAT firewall, you will need to add a TURN server.

This is what is required for WebRTC to function properly. However, as I’m not a network security expert, I cannot advise you on how to set this up to meet your specific security requirements.
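An added example, not part of the original posts and not XProtect code: a check that parses the ICE candidates in a WebRTC SDP and reports whether the session offers only host candidates (same segment), STUN-derived (srflx) or TURN (relay) candidates, and which UDP candidate ports fall outside 49152–65535. The SDP samples, addresses and function names are constructed for illustration.

```python
import re

# UDP range quoted in the thread for STUN/DTLS/RTP/RTCP traffic.
PORT_MIN, PORT_MAX = 49152, 65535

# ICE candidate attribute (RFC 8839):
# a=candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type> ...
CANDIDATE_RE = re.compile(
    r"^a=candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (host|srflx|prflx|relay)\b"
)

def parse_candidates(sdp):
    """Return one dict per UDP ICE candidate found in an SDP blob."""
    found = []
    for line in sdp.splitlines():
        m = CANDIDATE_RE.match(line.strip())
        if not m or m.group(3).lower() != "udp":
            continue  # not a candidate line, or a TCP candidate
        found.append({"address": m.group(5), "port": int(m.group(6)), "type": m.group(7)})
    return found

def audit(sdp):
    """Report the traversal method the candidates imply and any UDP candidate
    ports that a rule limited to PORT_MIN..PORT_MAX would not cover."""
    cands = parse_candidates(sdp)
    types = {c["type"] for c in cands}
    if "relay" in types:
        traversal = "turn"        # a TURN server allocated a relay address
    elif "srflx" in types:
        traversal = "stun"        # a STUN server reported the NAT mapping
    else:
        traversal = "host-only" if "host" in types else "none"
    outside = sorted(c["port"] for c in cands if not PORT_MIN <= c["port"] <= PORT_MAX)
    return {"traversal": traversal, "types": sorted(types), "outside_range": outside}

# Constructed sample: both peers on the same segment, no STUN/TURN configured.
SAME_SEGMENT_SDP = """v=0
m=video 9 UDP/TLS/RTP/SAVPF 96
a=candidate:1 1 udp 2122260223 192.0.2.10 50712 typ host
a=candidate:2 1 tcp 1518280447 192.0.2.10 9 typ host tcptype active
"""

# Constructed sample: client behind a NAT, STUN server configured.
NAT_SDP = SAME_SEGMENT_SDP + (
    "a=candidate:3 1 udp 1686052607 203.0.113.5 31044 typ srflx "
    "raddr 192.0.2.10 rport 50712\n"
)
```

The port of a server-reflexive candidate is chosen by the NAT device, so it can fall outside the range even when the host candidate is inside it.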

Thank you for your answer.

I understand that if it is not possible to fully open all UDP dynamic ports, you should use a STUN server to connect through NAT.