Solved

what is a Media proxy and how does it solve the RTP firewall problem

Posted on 2014-12-03
4
192 Views
Last Modified: 2014-12-15
Hi,
I read about the RTP firewall problem. The RTP flow is unable to happen due to a firewall in between.
One solution to this was using a media proxy. But i couldnt understand what that is and how will that solve this problem.

Please help me understand about media proxy and how it solves the RTP firewall problem.
Thanks
0
Comment
Question by:Rohit Bajaj
  • 2
  • 2
4 Comments
 
LVL 32

Accepted Solution

by:
harbor235 earned 500 total points
ID: 40481637
Typically a proxy is an application aware software or hardware platform that posses detailed knowledge and capabilities regarding the flows, security, and performance of a particular application.

So in your case, a media proxy is software or hardware that accepts RTP streams and acts on the behalf of the sender(s) to optimize the streams to the endoint(s). An RTP proxy will provide additional control and/or security (NAT topology hiding) of the RTP streams.

Most modern firewalls have built in proxy server capabilities, your problem could be that the  RTP application being used is behaving in an unexpected manner and the firewall is block the traffic, or that the firewall does not have RTP proxy capabilities and RTP streams are being dropped to traffic being generated outside its security policy.


harbor235 ;}
0
 

Author Comment

by:Rohit Bajaj
ID: 40482415
Hi,
I didnt understand this much. If the client 2 sends the RTP data to a port to client 1. As this port will not be open on the firewall , the packet will get dropped by the Firewall. How will media proxy help in this case.
Will it open the port on the firewall automatically ??
0
 

Author Comment

by:Rohit Bajaj
ID: 40482541
I read something like the following about Media proxy but its unclear to me :

Media Proxy re-writes the SDP RTP/AVP field to direct RTP traffic back to a preferred port on the Media Proxy Server

The Media Proxy also Re-writes the RTP/AVP field when sending messages to the initiating SIP UA so that all RTP traffic again hits a preferred port

This preferred port can be opened on the Firewall and set to only accept traffic from the Media proxy
0
 
LVL 32

Expert Comment

by:harbor235
ID: 40482723
Correct, as robinsuri states, if you understand how the RTP application is operating the firewall can be adjusted to allow the traffic streams.

If the firewall has a built-in RTP proxy like a Cisco ASA or a Juniper SRX (there are more) then the firewall will allow the necessary traffic through based on the initial RTP connection and application signaling. In this case the firewall inspects
the RTP flow and since it is RTP aware can inspect the RTP segments and open all necessary ports as signaled by the sender and receiver.

 
harbor235 ;}
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Suggested Solutions

Hey there Heard about jingle, the add on for XMPP that enables point to point audio between two XMPP clients. No server config necessary. Actually quite a cool feature. However, how good is it if you can not use those voice capabilities to do a P…
If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now