- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
Streaming Media and Firewalls (General info)
03/26/2020 
19 People found this article helpful
48,095 Views
Description
Product: Intrusion Prevention Service (IPS)
What is streaming media?
Streaming media typically refers to Non-text files, such as sounds, animation and video that is played on your computer but not downloaded to it. The file is simultaneously "streamed" to the user watching or listening to it. The user needs a player to view or listen to the files - a media player that is compatible with the format of the file must decompress files.
RealMedia, QuickTime and Windows Media are the most common streaming formats. Streaming is more a property of the delivery system than the media itself. These protocols were specifically designed to stream media over the network. They are all built on top of UDP.
- The Real-time Transport Protocol (RTP)
- The Real Time Streaming Protocol (RTSP) on Port 554 (RTSP, allowing RealMedia G2 and QuickTime streaming). RTSP requests are based on HTTP requests. While HTTP is stateless, RTSP is a stateful protocol.
- The Real Time Control Protocol (RTCP)
- Microsoft Media Server (MMS) protocol on port 1755 (MMS, permitting Windows Media streaming).
Media players normally stream via UDP/IP on a wide range of ports (see below for those port numbers) or stream with TCP/IP through a single port. For those sites where opening a non-"well-known port" is a problem, media players can also stream via HTTP on port 80. It is necessary to block all of the UDP and TCP ports corresponding to those port numbers. The number ranges in the documentation below indicate an entire range of available ports; typically, the actual number of ports allocated will be far less.
By default, Windows Media Player uses the following ports to connect:
- TCP 80, 554, 4040, 7070, 8080, 443 (SSL for sign-in), 1755 (MMS Windows Media requests)
- UDP 6970-32,000, 1755 (MMS Windows Media resend requests)
- HTTP 80 (AU, Messaging Service, and HTTP Cloaking)
Player configurations will override these defaults, if these ports are restricted by your firewall.
Still, with all of the streaming-specific ports commonly restricted, streaming media software vendors have had to be creative to allow their content to pass through corporate firewalls. RealNetworks was the first to embed streaming traffic in HTTP requests, making it very difficult for firewalls to differentiate between streaming media and plain Web browsing. HTTP streaming delivery and generic Web browsing both use port 80, and both are compliant with the same HTTP specification, so filtering only one becomes a challenge. Because many media streams fail over to Port 80 when other ports and protocols are blocked, it could be difficult to manage this through technical means.
Without strict workstation and network configuration management, clever users can work around any technical solution. Publish an acceptable use policy, declare your intent to enforce it, and then follow through. (Excerpt from Blocking some streaming media but not others - Network World).
Recommended Solutions:
- Block the streaming media ports or known IP addresses using firewall access rules. (Example: LAN to WAN on the Firewall > Access Rules page in SonicOS Enhanced firmware).
- Use Intrusion Prevention Service (IPS) to block Streaming media. You may view a list of IPS Multimedia signatures.
Note: SonicWall IPS has categorized Multimedia under Low priority attacks; ensure that you have enabled the Prevent All and Detect All feature under IPS global settings.
Reference:
- Streaming media - Wikipedia, the free encyclopedia
- Firewall Information for Windows Media Services 9 Series – From Microsoft.com
Related Articles
- How to Create Gen 7 Settings File by Using the Online Migration Tool
- DNS Resolution of Wildcard FQDN Address Objects
- All associated wildcard FQDN IP addresses do not display in the web browser
Categories
- Firewalls > NSa Series > IPS/GAV/Spyware
- Firewalls > NSv Series > IPS/GAV/Spyware
- Firewalls > TZ Series > IPS/GAV/Spyware
YES
NO