Firewall Settings on A/V Edge Server

  • Question

    Hi, on the deployment guide on page 30, it requests to open port range 50,000-59,999 on RTP/TCP and RTP/UDP.

    Most of the security groups do not want to approve such a wide port range through the internet on their firewall.

    Where can I find information on what people are doing out there to protect themselves on these ports? Or is there any way to work around this for A/V?

    It does sound a little bit too much for the risk mitigation we are always trying to run in our firewalls.

    Wednesday, March 5, 2008 4:59 AM

All replies

  • The only way to make it work is to set the firewall in transparent mode. We had to do it for every external interface of the Edge server.

    Wednesday, March 5, 2008 2:25 PM
  • If you pick up the Resource Kit book, flip to pages 415-418 and that should clear up your questions.

    The summary is that all of those ports are not actively listening at once - they're enabled at random and open only when needed. They will also only listen over a TLS signal channel, and from the IP address of a remote connection that initiated an AV connection (which first involves connecting on 443 and 3478). These bullet points from the book sum it up for an attacker to even have a shot:
    • Deduce an active port
    • Break the TLS signaling channel
    • Spoof the remote user's IP address
    It's not worth losing sleep over - despite the port range being large, it's still a fairly secure opening.
    Wednesday, March 5, 2008 8:14 PM
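A monitoring check that follows from the reply above, added here as an example (not from the thread or from any Microsoft tool): a media-range connection on the Edge external interface should only appear from a source IP that already established a signaling session on 443 or 3478. The log format, the 10-minute pairing window and the sample lines are constructed assumptions for the demo.

```python
from datetime import datetime

# Constructed firewall log lines (hypothetical format, not any vendor's):
# <ISO timestamp> <proto> <source IP> <destination port> <action>
SAMPLE_LOG = """\
2008-03-05T10:00:01 TCP 203.0.113.10 443 ALLOW
2008-03-05T10:00:02 UDP 203.0.113.10 3478 ALLOW
2008-03-05T10:00:05 UDP 203.0.113.10 50123 ALLOW
2008-03-05T10:01:00 UDP 198.51.100.7 50999 ALLOW
2008-03-05T10:02:00 TCP 198.51.100.7 443 ALLOW
2008-03-05T10:02:03 TCP 198.51.100.7 55000 ALLOW
"""

SIGNALING_PORTS = {443, 3478}          # ports the reply says a client hits first
MEDIA_RANGE = range(50000, 60000)      # the 50,000-59,999 RTP range from the guide
SESSION_WINDOW_S = 600                 # assumption: signaling within the last 10 min


def parse_line(line):
    """Split one constructed log line into typed fields."""
    ts, proto, src, dport, action = line.split()
    return datetime.fromisoformat(ts), proto, src, int(dport), action


def find_unpaired_media(log_text, window=SESSION_WINDOW_S):
    """Return (src, port, timestamp) for every allowed connection into the
    media range whose source IP had no signaling session on 443/3478 within
    `window` seconds beforehand. Those are the hits worth investigating."""
    last_signal = {}   # source IP -> time of its most recent signaling hit
    suspicious = []
    for raw in log_text.splitlines():
        ts, proto, src, dport, action = parse_line(raw)
        if action != "ALLOW":
            continue
        if dport in SIGNALING_PORTS:
            last_signal[src] = ts
        elif dport in MEDIA_RANGE:
            seen = last_signal.get(src)
            if seen is None or (ts - seen).total_seconds() > window:
                suspicious.append((src, dport, ts.isoformat()))
    return suspicious


if __name__ == "__main__":
    for hit in find_unpaired_media(SAMPLE_LOG):
        print("media-range connection without prior signaling:", hit)
```

In the constructed sample only the 198.51.100.7 hit on 50999 is flagged; its later 55000 connection is preceded by a 443 session and passes.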