Your CHAMP Video service requires that ports 50001 through 50008 be NAT mapped from your edge firewall to the local IP address of your CHAMP Encoder. Best practice is for this NAT mapping to be a DNAT and not an SNAT.
Why Is It Dangerous?
SNAT obfuscates who is talking to your internal hardware: it could be CHAMP, or it could be “someone” overseas, which leaves you vulnerable to an attack. With SNAT, any internal device thinks it is communicating with the firewall itself and not an external session.
An internal device therefore has no way of knowing whether a connection is legitimate or malicious, and thus your network is currently at risk.
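One way to check from the encoder's side whether the source address is being rewritten, as an added example that is not part of CHAMP's own material: the script reads a connection listing in the layout printed by `ss -tn` and sorts the peers seen on ports 50001 through 50008 by whether they show up as the firewall's LAN address (SNAT applied) or as the real remote address. The Linux host, the sample addresses and the function names are assumptions made for illustration.

```python
import ipaddress

CHAMP_PORTS = range(50001, 50009)  # ports 50001 through 50008, as stated on the page

# Constructed sample in the column layout of `ss -tn` (assumption: a Linux host
# at the encoder's address; every address below is an example value).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port
ESTAB  0      0      192.168.10.50:50001  192.168.10.1:41822
ESTAB  0      0      192.168.10.50:50004  192.168.10.1:41830
ESTAB  0      0      192.168.10.50:22     192.168.10.77:51514
ESTAB  0      0      192.168.10.50:50002  203.0.113.25:60112
"""

def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4 or bracketed IPv6) into (ip_address, port)."""
    addr, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(addr.strip("[]")), int(port)

def classify_peers(ss_output, firewall_lan_ip, lan_network):
    """Group peers on the CHAMP ports by how their source address appears.

    'snat'      : peer is the firewall's LAN address, so the real source is hidden
    'lan'       : peer is another host on the local network
    'preserved' : peer is an outside address, so the original source is visible
    """
    firewall = ipaddress.ip_address(firewall_lan_ip)
    lan = ipaddress.ip_network(lan_network)
    result = {"snat": [], "lan": [], "preserved": []}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "State":
            continue  # header or malformed line
        _, local_port = split_endpoint(fields[3])
        peer_ip, _ = split_endpoint(fields[4])
        if local_port not in CHAMP_PORTS:
            continue  # not one of the mapped video ports
        if peer_ip == firewall:
            bucket = "snat"
        elif peer_ip in lan:
            bucket = "lan"
        else:
            bucket = "preserved"
        result[bucket].append((local_port, str(peer_ip)))
    return result

if __name__ == "__main__":
    for kind, peers in classify_peers(SAMPLE_SS, "192.168.10.1", "192.168.10.0/24").items():
        print(f"{kind:10} {peers}")
```

Any entry under `snat` means connections on the video ports are arriving with the firewall's address as their source, so host logs and access rules on the encoder cannot tell one remote party from another.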
If you have any questions, we stand by to help in any way we can and we’re happy to help you correct the issue.
Note on Fortigate
If you use a Fortigate network appliance, the default configuration for NAT mapping is SNAT and not DNAT.