12-22-2010 06:59 AM
Hi All,
A company we are using for some online training videos are wanting to use RTMPTE Protocol to serve up the video. I believe they are wanting to use this as it sends the data over a http tunnel and uses 128bit encryption. I cannot get this to work, is it possible to use this on an Ironport S650 running 7.0.0-819 for Web?
When i try a stream that is using RTMPT which is unencrypted it works fine.
Regards,
Martin
Solved! Go to Solution.
02-03-2011 08:31 AM
Martin,
The WSA is not intended to be used with RTMP. There are a few thing that could be going wrong. If you have the HTTPS service enabled, you will need to set this to Passthrough in the decryption policies. Since this is not properly HTTPS, you may actually need to bypass the traffic altogether using the bypass list.
The WSA is an application proxy, so when encrypted traffic is sent to the WSA, it needs to be in proper HTTPS (HTTP over SSL).
12-22-2010 02:55 PM
Hello Martin,
Since the WSA does not really natively support RTMPTE protocol, and it goes through http tunnel, also, since it will be 128 bit encrypted, why do you want to be passing this traffic through the WSA?
Otherwise, if you are having https proxy configured, you can possibly configure for custom url category and passthrough policy.
If doing authentication, you may also have to configure the same custom url category for authentication bypass identity.
Regards,
Eric
02-01-2011 02:00 AM
We are needing to pass this through the WSA because all out internet traffic goes using this method for authenticated users. I have tried adding the site to a custom url category the user group has access to and also to the passthrough policy none of which has worked. The site is displaying fine, but the videos themselves are not being shown.
02-03-2011 08:31 AM
Martin,
The WSA is not intended to be used with RTMP. There are a few thing that could be going wrong. If you have the HTTPS service enabled, you will need to set this to Passthrough in the decryption policies. Since this is not properly HTTPS, you may actually need to bypass the traffic altogether using the bypass list.
The WSA is an application proxy, so when encrypted traffic is sent to the WSA, it needs to be in proper HTTPS (HTTP over SSL).
02-04-2011 02:28 AM
Thank you for the reply,
It does look like the only way around this is to put the site in a bypass list for the proxy
Regards,
Martin
02-04-2011 07:35 AM
This is common for applications of this type. We are always looking for ways to make the WSA more flexible in handling non-HTTP / non-HTTPS traffic.
I have added a sighting for Next Group to the following feature:
54017 Feature Request: native support for RTSP / RTMP protocol
I also filed a new bug / feature to try and handle this traffic better:
75450 Encrypted RTMP over 443 through the WSA breaks - requires bypass list
If you can please respond or email me directly at josh@ironport.com, I'd like to understand your specific deployment and use case for these features so I can better educate Development and Product Management.
Thank you for helping make the WSA better!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide