Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2321
Views
3
Helpful
5
Replies

RTMPTE Protocol

Go to solution
martin_bisiker
Level 1
Level 1

‎12-22-2010 06:59 AM

Hi All,

A company we are using for some online training videos are wanting to use RTMPTE Protocol to serve up the video. I believe they are wanting to use this as it sends the data over a http tunnel and uses 128bit encryption. I cannot get this to work, is it possible to use this on an Ironport S650 running 7.0.0-819 for Web?

When i try a stream that is using RTMPT which is unencrypted it works fine.

Regards,

Martin

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
jowolfer
Level 1
Level 1
In response to martin_bisiker

‎02-03-2011 08:31 AM

Martin,

The WSA is not intended to be used with RTMP. There are a few thing that could be going wrong.  If you have the HTTPS service enabled, you will need to set this to Passthrough in the decryption policies. Since this is not properly HTTPS, you may actually need to bypass the traffic altogether using the bypass list.

The WSA is an application proxy, so when encrypted traffic is sent to the WSA, it needs to be in proper HTTPS (HTTP over SSL).

View solution in original post

0 Helpful
5 Replies 5

Go to solution
edadios
Cisco Employee
Cisco Employee

‎12-22-2010 02:55 PM

Hello Martin,

Since the WSA does not really natively support RTMPTE protocol, and it goes through http tunnel, also, since it will be 128 bit encrypted, why do you want to be passing this traffic through the WSA?

Otherwise, if you are having https proxy configured, you can possibly configure for custom url category and passthrough policy.

If doing authentication, you may also have to configure the same custom url category for authentication bypass identity.

Regards,

Eric

Go to solution
martin_bisiker
Level 1
Level 1
In response to edadios

‎02-01-2011 02:00 AM

We are needing to pass this through the WSA because all out internet traffic goes using this method for authenticated users. I have tried adding the site to a custom url category the user group has access to and also to the passthrough policy none of which has worked. The site is displaying fine, but the videos themselves are not being shown.

0 Helpful

Go to solution
jowolfer
Level 1
Level 1
In response to martin_bisiker

‎02-03-2011 08:31 AM

Martin,

The WSA is not intended to be used with RTMP. There are a few thing that could be going wrong.  If you have the HTTPS service enabled, you will need to set this to Passthrough in the decryption policies. Since this is not properly HTTPS, you may actually need to bypass the traffic altogether using the bypass list.

The WSA is an application proxy, so when encrypted traffic is sent to the WSA, it needs to be in proper HTTPS (HTTP over SSL).

0 Helpful

Go to solution
martin_bisiker
Level 1
Level 1
In response to jowolfer

‎02-04-2011 02:28 AM

Thank you for the reply,

It does look like the only way around this is to put the site in a bypass list for the proxy

Regards,

Martin

0 Helpful

Go to solution
jowolfer
Level 1
Level 1
In response to martin_bisiker

‎02-04-2011 07:35 AM

This is common for applications of this type. We are always looking for ways to make the WSA more flexible in handling non-HTTP / non-HTTPS traffic.

I have added a sighting for Next Group to the following feature:

54017 Feature Request: native support for RTSP / RTMP protocol

I also filed a new bug / feature to try and handle this traffic better:

75450 Encrypted RTMP over 443 through the WSA breaks - requires bypass list

If you can please respond or email me directly at josh@ironport.com, I'd like to understand your specific deployment and use case for these features so I can better educate Development and Product Management.

Thank you for helping make the WSA better!

0 Helpful
Customers Also Viewed These Support Documents