Sign in
Microsoft.com
 
Microsoft
 
 
 

locked
Firewall Settings on A/V Edge Server RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

     

    Hi, on the deployment guide on page 30, it request to open port range 50,0000-59,9999 on RTP/TCP and RTP/UDP .

     

    Most of the security groups do not want to approve such a wide port range thru the internet on their Firewall.

     

    Where can I find information on what people are doing out there to protect themselves on these ports ? or is there any workaround this for A/V ?

     

    It does sounds a little bit too much for the risk mitigation we are always trying to run in our firewalls.


    Thanks

    Victor

    Wednesday, March 5, 2008 4:59 AM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    The only way to make it work is to set firewall in transperent mode.  We had to do it for every external interface of the Edge server.

    Wednesday, March 5, 2008 2:25 PM
  • Question
    Sign in to vote
    0
    Sign in to vote
    If you pick up the Resource Kit book flip to pages 415-418 and that should clear up your questions.

    The summary is that all of those ports are not actively listening at once - they're enabled at random and open only when needed. They will also only listen over a TLS signal channel, and from the IP address of a remote connection that initiated an AV connection (which first involves connecting on 443 and 3478). These bullet points from the book sum it up for an attacker to even have a shot:
    • Deduce an active port
    • Break the TLS signaling channel
    • Spoof the remote user's IP address
    It's not worth losing sleep over - despite the port range being large, it's still a fairly secure openning.
    Wednesday, March 5, 2008 8:14 PM