Main Menu
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
SonicWall
  • Products
    • Network Security
      • Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
      • Security ServicesComprehensive security for your network security solution
      • Network Security ManagerModern Security Management for today’s security landscape
    • Advanced Threat Protection
      • Capture ATPMulti-engine advanced threat detection
      • Capture Security applianceAdvanced Threat Protection for modern threat landscape
    • Access Security
      • Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
      • Secure Mobile AccessRemote, best-in-class, secure access
      • Wireless Access PointsEasy to manage, fast and secure Wi-FI
      • SwitchesHigh-speed network switching for business connectivity
    • Email Security
      • Email SecurityProtect against today’s advanced email threats
    • Cloud Security
      • Cloud App SecurityVisibility and security for Cloud Apps
      • Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
    • Endpoint Security
      • Capture ClientStop advanced threats and rollback the damage caused by malware
      • Content Filtering ClientControl access to unwanted and unsecure web content
    • Product Widgets
      • Product Menu Right Image
      • Capture Cloud Platform
        Capture Cloud Platform

        A security ecosystem to harness the power of the cloud

    • Button Widgets
      • Products A-Z
        all products A–Z FREE TRIALS
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure WiFi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • English English English en
  • BLOG
  • CONTACT SALES
  • FREE TRIALS
  • English English English en
SonicWall
  • Products
    • Network Security
      • Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
      • Security ServicesComprehensive security for your network security solution
      • Network Security ManagerModern Security Management for today’s security landscape
    • Advanced Threat Protection
      • Capture ATPMulti-engine advanced threat detection
      • Capture Security applianceAdvanced Threat Protection for modern threat landscape
    • Access Security
      • Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
      • Secure Mobile AccessRemote, best-in-class, secure access
      • Wireless Access PointsEasy to manage, fast and secure Wi-FI
      • SwitchesHigh-speed network switching for business connectivity
    • Email Security
      • Email SecurityProtect against today’s advanced email threats
    • Cloud Security
      • Cloud App SecurityVisibility and security for Cloud Apps
      • Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
    • Endpoint Security
      • Capture ClientStop advanced threats and rollback the damage caused by malware
      • Content Filtering ClientControl access to unwanted and unsecure web content
    • Product Widgets
      • Product Menu Right Image
      • Capture Cloud Platform
        Capture Cloud Platform

        A security ecosystem to harness the power of the cloud

    • Button Widgets
      • Products A-Z
        all products A–Z FREE TRIALS
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure WiFi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • Menu

Streaming Media and Firewalls (General info)

03/26/2020 19 People found this article helpful 104,319 Views

    Download
    Print
    Share
    • LinkedIn
    • Twitter
    • Facebook
    • Email
    • Copy URL The link has been copied to clipboard

    Description

    Product: Intrusion Prevention Service (IPS)

    What is streaming media?

    Streaming media typically refers to Non-text files, such as sounds, animation and video that is played on your computer but not downloaded to it. The file is simultaneously "streamed" to the user watching or listening to it. The user needs a player to view or listen to the files - a media player that is compatible with the format of the file must decompress files.

    RealMedia, QuickTime and Windows Media are the most common streaming formats. Streaming is more a property of the delivery system than the media itself. These protocols were specifically designed to stream media over the network. They are all built on top of UDP.

    • The Real-time Transport Protocol (RTP)
    • The Real Time Streaming Protocol (RTSP) on Port 554 (RTSP, allowing RealMedia G2 and QuickTime streaming). RTSP requests are based on HTTP requests. While HTTP is stateless, RTSP is a stateful protocol.
    • The Real Time Control Protocol (RTCP)
    • Microsoft Media Server (MMS) protocol on port 1755 (MMS, permitting Windows Media streaming). 

    Media players normally stream via UDP/IP on a wide range of ports (see below for those port numbers) or stream with TCP/IP through a single port. For those sites where opening a non-"well-known port" is a problem, media players can also stream via HTTP on port 80. It is necessary to block all of the UDP and TCP ports corresponding to those port numbers. The number ranges in the documentation below indicate an entire range of available ports; typically, the actual number of ports allocated will be far less.

    By default, Windows Media Player uses the following ports to connect:

    • TCP 80, 554, 4040, 7070, 8080, 443 (SSL for sign-in), 1755 (MMS Windows Media requests)
    • UDP 6970-32,000, 1755 (MMS Windows Media resend requests)
    • HTTP 80 (AU, Messaging Service, and HTTP Cloaking)

    Player configurations will override these defaults, if these ports are restricted by your firewall. 

    Still, with all of the streaming-specific ports commonly restricted, streaming media software vendors have had to be creative to allow their content to pass through corporate firewalls. RealNetworks was the first to embed streaming traffic in HTTP requests, making it very difficult for firewalls to differentiate between streaming media and plain Web browsing. HTTP streaming delivery and generic Web browsing both use port 80, and both are compliant with the same HTTP specification, so filtering only one becomes a challenge. Because many media streams fail over to Port 80 when other ports and protocols are blocked, it could be difficult to manage this through technical means.

    Without strict workstation and network configuration management, clever users can work around any technical solution. Publish an acceptable use policy, declare your intent to enforce it, and then follow through. (Excerpt from Blocking some streaming media but not others - Network World).

    Recommended Solutions:

    1. Block the streaming media ports or known IP addresses using firewall access rules. (Example: LAN to WAN on the Firewall > Access Rules page in SonicOS Enhanced firmware).
    2. Use Intrusion Prevention Service (IPS) to block Streaming media. You may view a list of IPS Multimedia signatures.
      Note: SonicWall IPS has categorized Multimedia under Low priority attacks; ensure that you have enabled the Prevent All and Detect All feature under IPS global settings.

    Reference:

    • Streaming media - Wikipedia, the free encyclopedia
    • Firewall Information for Windows Media Services 9 Series – From Microsoft.com

    Related Articles

    • SSL Control and DPI-SSL Compatibility
    • FIPS Mode: Radius protected with IPSEC VPN
    • Maximum DHCP Leases

    Categories

    • Firewalls > NSa Series > IPS/GAV/Spyware
    • Firewalls > NSv Series > IPS/GAV/Spyware
    • Firewalls > TZ Series > IPS/GAV/Spyware

    Not Finding Your Answers?

    ASK THE COMMUNITY

    Was This Article Helpful?

    YESNO

    Article Helpful Form

    Article Not Helpful Form

    Company
    • Careers
    • News
    • Leadership
    • Awards
    • Press Kit
    • Contact Us
    Popular resources
    • Communities
    • Blog
    • SonicWall Capture Labs

    Stay In Touch

    • By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time from the Preference Center.
    • This field is for validation purposes and should be left unchanged.
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
    • Instagram

    © 2022 SonicWall. All Rights Reserved.

    • Legal
    • Privacy
    • English
    Scroll to top
    Trace:bc25ceab620983726ed9b9f9e3bc8474-80