Configuring access rules in TMG 2010 to allow access for port 1935

Posted on 2012-08-13
Last Modified: 2012-08-20
We have a Microsoft TMG 2010 firewall and I am trying to create an access rule to allow port 1935 (RTMP) to pass through. This is required so that we can test a videoconferencing software called MeetingBurner (

I found this but wasn't entirely sure if it is a good solution:

Does anyone know how to configure TMG with the correct inbound/outbound rules, ports, protocols to allow RTMP to pass through?

Many thanks
Question by:mark-199

    Accepted Solution

    It is not about "ports".

    You create access Rules for Users to access Destinations from particular Sources using particular Protocols.  You always have to think of it in those terms.

    Complex Protocols (such as FTP, H.323, MMS, PNM, RSTP) require an Application Layer Filter,...and TMG either has it,...or it doesn't (you can't create one yourself). So if it needs one and doesn't have one, you're pretty much screwed.

    Video Conferencing Equipment (any brand) has a horrible reputation of not working over Firewalls.  This is because they use protocols that are not designed from the ground up to operate over NAT'ed or Proxied connections and often do very silly things such as embed the internal Private IP of the VC Equipment into the packet causing the opposite end to try to return the communication back to the RFC Private address which cannot be routed over the Internet (hence the purpose of Application Layer Filters in TMG which overcome this).

    Often in a worst case situation, the only way to get them to run properly is to mount the VC Equipment on the Public side of the Network and give it its own dedicated Static Public IP# so that it will not have to pass over any Firewalls or Proxies (even if that means you have to give it its own dedicated Internet Connection/Account).  However that means it will not have any access to the Private LAN at the same time unless the VC Equipment was designed as a dual-home device (allowing it to act as its own firewall).

    Anyway,..the Protocol....

    If TMG already has a predefined Protocol for RTMP then you have to use that.  If it doesn't then you have to create the Protocol.

    Name:  RTMP
    Direction: Outbound
    Protocol:  (TCP or UDP or Both)
    Port Range: 1935 - 1935
    Secondary Connections: None

    Then use the Protocol in the Access Rule.  Since it is going to be a piece of equipment initiating the communication and not an authenticated User, the Access Rule must use "All Users" in the Rule ("All Users" = "anonymous").

    Author Closing Comment

    Great explanation!
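
The accepted answer notes that conferencing protocols often embed the endpoint's private IP in the payload, which breaks them across NAT. The Python check below is an added example, not part of the original thread: it scans a captured payload for RFC 1918 addresses that differ from the source address the far end actually sees. The SDP-style sample, the addresses and the function names are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample: an SDP-style session description such as a conferencing
# endpoint behind NAT might send. Not taken from the thread.
SAMPLE_PAYLOAD = (
    b"v=0\r\n"
    b"o=room1 2890844526 2890842807 IN IP4 192.168.10.25\r\n"
    b"s=Conference\r\n"
    b"c=IN IP4 192.168.10.25\r\n"
    b"m=video 49170 RTP/AVP 31\r\n"
)

# Dotted quads not glued to further digits or dots (avoids matching versions).
IPV4_RE = re.compile(rb"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

# The RFC 1918 private ranges, which cannot be routed over the Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def embedded_addresses(payload):
    """Return distinct valid IPv4 addresses written as text in the payload."""
    found = []
    for match in IPV4_RE.finditer(payload):
        try:
            addr = ipaddress.IPv4Address(match.group(1).decode("ascii"))
        except ipaddress.AddressValueError:
            continue  # e.g. 999.1.1.1 is not an address
        if addr not in found:
            found.append(addr)
    return found


def nat_mismatches(payload, observed_source):
    """Embedded private addresses that differ from the source IP the remote
    end sees: the remote end would try to reply to an unroutable address."""
    src = ipaddress.IPv4Address(observed_source)
    return [str(a) for a in embedded_addresses(payload)
            if a != src and any(a in net for net in RFC1918)]


if __name__ == "__main__":
    # 203.0.113.7 stands in for the firewall's public (post-NAT) address.
    for addr in nat_mismatches(SAMPLE_PAYLOAD, "203.0.113.7"):
        print("payload advertises private address", addr)
```

A non-empty result on traffic captured at the firewall's external interface indicates the protocol needs an Application Layer Filter or a NAT-aware endpoint, not just an open port.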
