I recently bought the Verizon MiFi Jetpack 4620L for one very specific purpose, i.e. to obtain internet connectivity for doing demos of Polycom videoconferencing equipment for potential clients at their sites. The good news is that when I call someone (or am called), the other side can hear and see me fine in 1080p HD; however, the bad news is I hear or see nothing.
Here is my setup:
Verizon Internet ---> MiFi 4620L --WWAN ---> ZyXel router in bridge mode with DHCP disabled --wired Ethernet ---> Polycom videoconferencing system.
Polycom videoconferencing systems require TCP port 1720 open for signalling and once the handshake is done between the near end and far-end machines through this port, they negotiate which ports they will communicate on. The port ranges are 3230-3235 (TCP) and 3230-3277 (UDP). I have forwarded these ports on the MiFi to my Polycom system (192.168.1.2). Also, the wireless bridge is working fine (I can check this by connecting a laptop via Ethernet cable to the bridge router (Zyxel) and going online without any problem).
Another observation: the Polycom system is able to auto-detect the same WAN address as the one displayed when I go to whatismyip.com. It is a 70.XX address and not Verizon's internal network address 10.XX that shows up in the MiFi settings menu. However, when I ping the 70.XX address from my PC connected to Comcast cable broadband, the ping fails. What is this 70.XX address?
That the call connects tells me TCP port 1720 is open in both directions. However, something is not right with the other ports for incoming packets. This is definitely a NAT/Firewall issue.
Can someone please help me with suggestions as to what may be going on here? Could Verizon be blocking videoconferencing ports?
The MiFi 4620L and all 4G LTE devices hide behind Verizon's NAT firewall. The NAT is responsible for many limitations that we took for granted on the old 3G-only devices, specifically webcams, VoIP, Xbox hosting and a variety of other services dependent on an externally accessible IP Address.
This is the reason why it is not possible to ping your devices from a remote location; the NAT hides and blocks all external attempts to reach your devices. In most cases, only internal communication can reach out of the NAT; external communication into the NAT cannot because you do not really know what your IP Address is.
The best workaround that I have seen is to set up a VPN tunnel between your devices and your clients. That way you are able to punch a hole through the VZW NAT and host a video conference. There are many free VPN clients available out there that can accomplish this task for you. All you have to do is get your clients to access your VPN tunnel at the same time and you should be able to connect to each other with no problems.
That or pay VZW a few hundred dollars for a static IP address. Static IPs are known to work just fine.
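The symptom discussed above (the hotspot reports a 10.x WAN address while outside services see a different public one) can be checked mechanically before spending time on port forwards. This is an added example, not part of the original thread; the function names are hypothetical and the sample addresses are constructed placeholders, since the thread elides the real ones.

```python
import ipaddress

# Ranges that are never routable from the public internet. Listed explicitly
# rather than using ip.is_private, which covers more special-purpose ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT_SHARED = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598


def classify(addr):
    """Return 'private', 'cgnat-shared' or 'public' for an IPv4 address."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in RFC1918):
        return "private"
    if ip in CGNAT_SHARED:
        return "cgnat-shared"
    return "public"


def inbound_forwarding_possible(device_wan, observed_public):
    """Compare the WAN address the hotspot reports with the address an
    outside service sees. True is necessary, not sufficient: the carrier
    may still filter inbound traffic to a public address."""
    kind = classify(device_wan)
    if kind != "public":
        return False, (f"hotspot WAN {device_wan} is {kind}; the carrier "
                       "translates upstream, so forwards on the hotspot "
                       "are unreachable from outside")
    if ipaddress.ip_address(device_wan) != ipaddress.ip_address(observed_public):
        return False, ("hotspot WAN is public but differs from the observed "
                       "address; another translator sits in the path")
    return True, "hotspot WAN is public and matches the observed address"


if __name__ == "__main__":
    # Constructed sample values; the thread elides the real addresses.
    cases = [("10.20.30.40", "203.0.113.7"),   # carrier NAT, as in the thread
             ("203.0.113.7", "203.0.113.7")]   # e.g. a static public address
    for wan, seen in cases:
        ok, why = inbound_forwarding_possible(wan, seen)
        print(f"{wan:>13} vs {seen}: {'possible' if ok else 'blocked'} - {why}")
```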
Thanks John - that makes sense. I wonder what prompted Verizon to adopt such a network architecture for 4G LTE. Perhaps they didn't want to overload the network with peer-to-peer applications. On the flip side, they are leaving money on the table by excluding applications that would promote high usage plans and overages.
I guess calling Verizon and asking them to forward some ports to my "private" IP address is out of the question (i.e. if I can make the tier 1 person even understand what I am talking about). I wish static IP was cheaper but $500 is too steep. Since I am still within the return window, my 4620L is going back. Too bad - I would have been a very profitable customer for Verizon. Do you know if AT&T and Sprint have the same limitation (assuming similar quality)?
If you speak to someone at VZW about this issue they will tell you it is either related to security of the network or because the number of externally accessible IP addresses is running out or already gone. There is some truth to that matter (in regards to IPv4) but we don't really know why this decision was made.
VZW will not honor your requests to punch a hole in the NAT. It's just a limitation we have to deal with.
I do not have access to an ATT or Sprint device to confirm what their LTE networks are like. I'd suspect a quick post to their forums should get you a response from someone who knows. Sales Reps tend to not be trained on the specific limitations of the networks either.
I'm *hopeful* that "static IPs are known to work just fine" as you say. I bought the static IP and so far it's not working for me. Like snmirab in his or her thread, I am trying to view a remote IP camera through the 4620L. Also like snmirab I am not even able to ping the static IP address of my JetPack. Waiting for a firmware update is a little discouraging, since Novatel's update to enable future updates won't even install.
If you know of someone who has this (or something similar) working with a static IP and a 4620L, please let me know.