Solved

what is a Media proxy and how does it solve the RTP firewall problem

Posted on 2014-12-03
4
200 Views
Last Modified: 2014-12-15
Hi,
I read about the RTP firewall problem. The RTP flow is unable to happen due to a firewall in between.
One solution to this was using a media proxy. But i couldnt understand what that is and how will that solve this problem.

Please help me understand about media proxy and how it solves the RTP firewall problem.
Thanks
0
Comment
Question by:Rohit Bajaj
  • 2
  • 2
4 Comments
 
LVL 32

Accepted Solution

by:
harbor235 earned 500 total points
ID: 40481637
Typically a proxy is an application aware software or hardware platform that posses detailed knowledge and capabilities regarding the flows, security, and performance of a particular application.

So in your case, a media proxy is software or hardware that accepts RTP streams and acts on the behalf of the sender(s) to optimize the streams to the endoint(s). An RTP proxy will provide additional control and/or security (NAT topology hiding) of the RTP streams.

Most modern firewalls have built in proxy server capabilities, your problem could be that the  RTP application being used is behaving in an unexpected manner and the firewall is block the traffic, or that the firewall does not have RTP proxy capabilities and RTP streams are being dropped to traffic being generated outside its security policy.


harbor235 ;}
0
 

Author Comment

by:Rohit Bajaj
ID: 40482415
Hi,
I didnt understand this much. If the client 2 sends the RTP data to a port to client 1. As this port will not be open on the firewall , the packet will get dropped by the Firewall. How will media proxy help in this case.
Will it open the port on the firewall automatically ??
0
 

Author Comment

by:Rohit Bajaj
ID: 40482541
I read something like the following about Media proxy but its unclear to me :

Media Proxy re-writes the SDP RTP/AVP field to direct RTP traffic back to a preferred port on the Media Proxy Server

The Media Proxy also Re-writes the RTP/AVP field when sending messages to the initiating SIP UA so that all RTP traffic again hits a preferred port

This preferred port can be opened on the Firewall and set to only accept traffic from the Media proxy
0
 
LVL 32

Expert Comment

by:harbor235
ID: 40482723
Correct, as robinsuri states, if you understand how the RTP application is operating the firewall can be adjusted to allow the traffic streams.

If the firewall has a built-in RTP proxy like a Cisco ASA or a Juniper SRX (there are more) then the firewall will allow the necessary traffic through based on the initial RTP connection and application signaling. In this case the firewall inspects
the RTP flow and since it is RTP aware can inspect the RTP segments and open all necessary ports as signaled by the sender and receiver.

 
harbor235 ;}
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Although VoiceOver IP has been around for a while, internet connections have only recently become fast enough to provide good call quality. Now, VoIP has become a real option for businesses looking at ways to improve their business model. In this ar…
SSL is a very common protocol used these days when browsing the web.  The purpose is to provide security to communication, but how does it do it?  There are several pieces at work that have to be setup before SSL will even work and it requires both …
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question