

Configuring access rules in TMG 2010 to allow access for port 1935

Posted on 2012-08-13
Medium Priority
Last Modified: 2012-08-20
We have a Microsoft TMG 2010 firewall and I am trying to create an access rule to allow port 1935 (RTMP) to pass through. This is required so that we can test a videoconferencing software called MeetingBurner (meetingburner.com).

I found this but wasn't entirely sure if it is a good solution:

Does anyone know how to configure TMG with the correct inbound/outbound rules, ports, protocols to allow RTMP to pass through?

Many thanks
Question by:mark-199

Accepted Solution

pwindell earned 2000 total points
ID: 38292684
It is not about "ports".

You create access Rules for Users to access Destinations from particular Sources using particular Protocols.  You always have to think of it in those terms.

Complex Protocols (such as FTP, H.323, MMS, PNM, RSTP) require an Application Layer Filter,...and TMG either has it,...or it doesn't (you can't create one yourself). So if it needs one and doesn't have one,...you're pretty much screwed.

Video Conferencing Equipment (any brand) has a horrible reputation of not working over Firewalls.  This is because they use protocols that are not designed from the ground up to operate over NAT'ed or Proxied connections and often do very silly things such as embed the internal Private IP of the VC Equipment into the packet causing the opposite end to try to return the communication back to the RFC Private address which cannot be routed over the Internet (hence the purpose of Application Layer Filters in TMG which overcome this).

Often in a worst case situation, the only way to get them to run properly is to mount the VC Equipment on the Public side of the Network and give it its own dedicated Static Public IP# so that it will not have to pass over any Firewalls or Proxies (even if that means you have to give it its own dedicated Internet Connection/Account).  However that means it will not have any access to the Private LAN at the same time unless the VC Equipment was designed as a dual-home device (allowing it to act as its own firewall).

Anyway,..the Protocol....

If TMG already has a predefined Protocol for RTMP then you have to use that.  If it doesn't then you have to create the Protocol.

Name:  RTMP
Direction: Outbound
Protocol:  (TCP or UDP or Both)
Port Range: 1935 - 1935
Secondary Connections: None

Then use the Protocol in the Access Rule.  Since it is going to be a piece of equipment initiating the communication and not an authenticated User the Access Rule must use "All Users" in the Rule ("All Users" = "anonymous").
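
The protocol definition and access rule described in the answer above can also be created through TMG's administration COM object (`FPC.Root`). This is an added example, not part of the original answer. It assumes TCP only, the default `Internal` and `External` network names, a constructed rule name, and the numeric values shown for the SDK enumerations; check those against the TMG SDK before running it.

```powershell
# Added example: run in an elevated PowerShell session on the TMG server.
# The numeric constants are assumed values of the TMG SDK enumerations named beside them.
$fpcOutbound           = 1   # FpcConnectionDirectionType
$fpcInclude            = 0   # FpcIncludeStatus
$fpcActionAllow        = 0   # FpcActions
$fpcSpecifiedProtocols = 1   # FpcProtocolSelectionType

$protocolName = 'RTMP'                  # name used in the answer
$ruleName     = 'Allow RTMP outbound'   # constructed rule name (assumption)

$root  = New-Object -ComObject FPC.Root
$array = $root.GetContainingArray()

# 1. Protocol definition: outbound TCP 1935-1935, no secondary connections.
#    Created only if no protocol of that name exists (predefined or custom).
$protocols = $array.RuleElements.ProtocolDefinitions
if (@($protocols | Where-Object { $_.Name -eq $protocolName }).Count -eq 0) {
    $protocol = $protocols.Add($protocolName)
    $protocol.PrimaryConnections.AddTCP($fpcOutbound, 1935, 1935) | Out-Null
    $protocols.Save()
}

# 2. Access rule: From (source) / To (destination) / Protocol / Users.
$rules = $array.ArrayPolicy.PolicyRules
if (@($rules | Where-Object { $_.Name -eq $ruleName }).Count -eq 0) {
    $rule   = $rules.AddAccessRule($ruleName)
    $access = $rule.AccessProperties
    $rule.Action = $fpcActionAllow

    # Limit the rule to the one protocol instead of "All outbound traffic".
    $access.ProtocolSelectionMethod = $fpcSpecifiedProtocols
    $access.SpecifiedProtocols.Add($protocolName, $fpcInclude) | Out-Null

    # Source and destination networks (default TMG network names, assumed).
    # The destination can be narrowed to a computer set or domain name set.
    $rule.SourceSelectionIPs.Networks.Add('Internal', $fpcInclude) | Out-Null
    $access.DestinationSelectionIPs.Networks.Add('External', $fpcInclude) | Out-Null

    # The client does not authenticate, so the rule applies to "All Users".
    $access.UserSets.Add('All Users', $fpcInclude) | Out-Null
    $rules.Save()
}
```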

Author Closing Comment

ID: 38310890
Great explanation!

Question has a verified solution.