>Date: Sat, 13 May 2000 18:09:28 -0400
>From: Perbix Michael <[EMAIL PROTECTED]> 
>Subject: [FW1] fyi QuickTime and 4.0 sp6
>
>Just a confirmation that QuickTime 4.0 - 4.1.2 (last few versions tested)
>works with hidden NAT and streaming.
>
>I created 2 rules...the first is 
>
>internal_all          any                RTSP             ACCEPT
>
>The second is...
>
>any               internal_all         RTP_UDP      ACCEPT

I didn't require the second rule; the FW-1 4.0 sp6 RTSP inspect code seems to deal 
with the RTP reply traffic.  I assume this is done in a stateful manner.

It would seem to me that one really shouldn't allow the unrestricted externally 
initiated access to internal host ports that this second rule appears to grant.  

>
>The RTSP service is built in with this SP.  I am not sure about the RTP_UDP,
>whether I did it or it came with the SP.  However it is UDP 6970-6999
>inclusive.  Internal_all is defined with all our internal clients.  It did
>not work with ANY/ANY, I HAD to define a source and a destination.
>

I think you added RTP_UDP; it isn't defined on my installation.  I didn't require it 
anyway.

>I have the Streaming TRANSPORT set to RTSP port 554 and the Streaming Proxy
>set to HTTP with our proxy settings.  We use a proxy for HTTP access
>otherwise you do not need that if you let http out directly.
>
>Works like a charm!  I tested from both Windows and Macintosh clients.
>
>Thank you Checkpoint for finally fixing this thorn in my side since most
>educational sites with streaming tutorials that we use, use QuickTime 8-).
>

I agree, thanks Checkpoint for finally getting around to this.  

When we purchased FW-1, flexibility was one of the reasons.  I figured that being 
programmable at a high level (via Inspect) the vendor would be much more likely to keep 
up with new protocols.  The period of time it took Checkpoint to release this 
surprised me, esp. considering that hide NAT is used a lot and QuickTime is a major 
protocol from a major vendor.  As far as I can recall, it is about a year since 
QuickTime 4 was released; this much delay in supporting it is really excessive.  


Michael Embree
Nova Scotia Technology and Science Secretariat
Halifax, Nova Scotia, Canada
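
The difference between the two approaches discussed in this thread, as an added example that is not part of the original messages and is not Check Point's INSPECT code: a simplified model of stateful RTSP handling that reads the client_port value from the SETUP request's Transport header and permits only that server, client and port range, compared with the static any -> internal_all RTP_UDP rule. The addresses, the INTERNAL_ALL set, the sample request and all function names are constructed for illustration; hide-NAT port rewriting and pinhole expiry are not modelled.

```python
import re
from typing import NamedTuple, Optional

STATIC_RTP_PORTS = range(6970, 7000)       # UDP 6970-6999 inclusive, as in the thread
INTERNAL_ALL = {"10.0.0.5", "10.0.0.6"}    # constructed stand-in for internal_all

# Constructed sample: SETUP request a client sends on the RTSP control channel (TCP 554).
SAMPLE_SETUP = (
    "SETUP rtsp://media.example.com/tutorial.mov/trackID=1 RTSP/1.0\r\n"
    "CSeq: 2\r\n"
    "Transport: RTP/AVP;unicast;client_port=6970-6971\r\n"
    "\r\n"
)

class Pinhole(NamedTuple):
    server_ip: str   # only this host may send media
    client_ip: str   # only this internal host may receive it
    ports: range     # only the UDP ports the client announced

def pinhole_from_setup(request: str, client_ip: str, server_ip: str) -> Optional[Pinhole]:
    """Derive a temporary inbound UDP permission from the Transport header."""
    m = re.search(r"^Transport:.*?client_port=(\d+)(?:-(\d+))?", request, re.I | re.M)
    if m is None:
        return None                       # no UDP transport negotiated: open nothing
    lo = int(m.group(1))
    hi = int(m.group(2) or lo)
    if not 1024 <= lo <= hi <= 65535:
        return None                       # refuse privileged or inverted ranges
    return Pinhole(server_ip, client_ip, range(lo, hi + 1))

def static_rule_allows(src_ip: str, dst_ip: str, dport: int) -> bool:
    """any -> internal_all, RTP_UDP, ACCEPT: the source is never checked."""
    return dst_ip in INTERNAL_ALL and dport in STATIC_RTP_PORTS

def pinhole_allows(p: Optional[Pinhole], src_ip: str, dst_ip: str, dport: int) -> bool:
    """Stateful check: source, destination and port must all match the session."""
    return (p is not None and (src_ip, dst_ip) == (p.server_ip, p.client_ip)
            and dport in p.ports)

if __name__ == "__main__":
    hole = pinhole_from_setup(SAMPLE_SETUP, "10.0.0.5", "192.0.2.10")
    for src, dst, port in [("192.0.2.10", "10.0.0.5", 6970),     # negotiated stream
                           ("198.51.100.7", "10.0.0.6", 6985)]:  # unrelated outside host
        print(src, dst, port, "static:", static_rule_allows(src, dst, port),
              "stateful:", pinhole_allows(hole, src, dst, port))
```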



