Content Sharing - Dual Screen
Having content share "dual stream” that can display on a different monitor for a room system depends on couple of parameters:
- Room system must support for H.239 (H.323) or BFCP (SIP) and have it enabled. This can be confirmed in the admin settings of the room system.
- The display or monitor settings on the room system must be configured correctly to show main video and content share on separate monitors.
- The room system must be properly configured for NAT traversal with the external public IP address. This can be usually be configured at the firewall or in the room system’s NAT settings. Recommend a static one-to-one NAT be configured at the firewall.
- The IP/port range for BlueJeans must not be blocked. See IP/Port range below.
Improperly configured NAT will in many cases cause the content shared to be transcoded into the main video channel and the result is seeing the content share on a single monitor with a small PIP (picture-in-picture) of the main video in the upper left hand corner. In some cases content will not appear at all.
Content Sharing Replaces Main Video Stream
- Symptom: User tries to share content (H.239) from H.323 Room System and the content is transcoded and replaces the main video camera feed instead of opening up a second window.
- Likely Cause: Because H.239 (duo stream content sharing) is usually blocked unless there is a NAT traversal device or properly configured NAT-aware mechanism in place. If the H.323 endpoint advertises its Private IP address to BlueJeans the H.239 content sharing will not working in Dual Stream mode. The reason is the receiving endpoint will try to contact the sending endpoint at this private IP address and will be unable to communicate properly.
- Fix: Always make sure H.239 content sharing is enabled on H.323 endpoint. Check Firewall and NAT-aware mechanism. A one-to-one static NAT is required. Can try enabling on H.323 inspection (or transformation) on H.323 aware firewall if no transversal device is being used
No Content Sharing
- Symptom: User tries to share content (H.239) and either nothing happens, you only see self-view or a black screen appears on receiving endpoint where the content should be displayed.
- Likely Cause: Receiving endpoint may be improperly configured for NAT or firewall is blocking content share. What may be happening is the receiving endpoint is advertising a private address and sending endpoint is sending shared content to this private address that cannot be reached.
- Always make sure H.239 content sharing is enabled on H.323 endpoint.
- Check Firewall and NAT-aware mechanism. Turn on H.323 inspection on H.323 aware firewall if no transversal device is being used.
Note: In some rare scenarios the firewall pinhole mechanism may block the content media. When a video call is initiated from the endpoint, the audio and video channels are established from internal private network to external public network (Internet) and so the return traffic from public to private network is trusted and pinholes are created to traverse it. However the content is entirely new media traffic coming from Blue Jeans (public network) to the endpoint on private network, which may get blocked by firewall. To verify this and use this workaround:
- The content needs to be firstly initiated from the endpoint so that the firewall learns about this H.323 content traffic and then it allows the content coming from public in that same session.
- Check for any software updates for the firewall to fix this behavior
- Manually open the Transport TCP/ UDP ports on the firewall, instead of having the H.323 inspect or ALG (Application Layer Gateway) controlling the port opening. ALG is not recommended by many room system vendors
Firewall and NAT Configuration
Blue Jeans Network uses the following TCP and UDP ports with the service. Make sure to open firewall ports against BJN's entire ip range:
- 184.108.40.206/26 (May 2018)
- 220.127.116.11/26 (May 2018)
- 18.104.22.168/21 NEW (Oct 2018)
- 22.214.171.124/26 NEW (Oct 2018)
- 126.96.36.199/26 NEW (Oct 2018)
Note: Blue Jeans has several POPs distributed globally. The call will be automatically redirected to the closest POP to the end point or media egress point. Audio/video traffic will likely be routed to any of above ip range based on geo location. Hence it's important that firewall ports are opened against entire ip range.
H.323 based systems:
- Outbound TCP Port 1720 - H.225 Signaling for H.323
- Outbound TCP Ports 5000-5999 - H.245 Call Control for H.323
- Outbound UDP Ports 5000-5999 - RTP Media
SIP based systems:
- Outbound TCP Port 5060 - SIP Signaling
- Outbound TCP Port 5061 - SIPS (TLS) Signaling
- Outbound UDP Ports 5000-5999 - RTP Media