FWSM 2.3 "fixup protocol rtsp" security question

Mar 12th, 2008

Hi all,

We've recently implemented SonicFoundry's Mediasite system on campus and are having an interesting problem. It's a media content streaming solution (Mediasite) that uses RTSP.

A percentage of users external to the University cannot view the video streams, but a lot of others can. When testing, using our own external DSL connection, I also cannot view the video streams (same result from home using my personal DSL connection). After spending hours scanning packet-captures and knowledgebase articles I discovered that the inspection of RTSP packets - actioned because of the "fixup protocol rtsp" command in the FWSM 2.3 - could be the cause of the problem.

I switched this feature off and I was then able to view the streams from off, and on, campus.

My concern is this: being not overly experienced with the firewall, is turning off this inspection of RTSP leaving us open (or vulnerable) to anything else?

The organisation is pushing to turn off the protocol inspection, but I want to have a basic understanding of the security or functionality ramifications before I allow this to happen.

I've read the doco that I could find on Cisco.com but I find I'm still somewhat in the dark. As usual, all help greatly appreciated.

Cheers,

Ben Johnson

htarra Tue, 03/18/2008 - 14:05

The fixup rtsp command lets PIX Firewall pass RTSP (Real Time Streaming Protocol) packets. RTSP is used by RealAudio, RealNetworks, Apple QuickTime 4, RealPlayer, and Cisco IP/TV connections. PIX Firewall does not support multicast RTSP.

Firewall Services Module Frequently Asked Questions:

http://www.cisco.com/en/US//products/hw/modules/ps2706/products_qanda_item09186a00801e9e26.shtml
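
RTSP negotiates its media ports inside the control channel (the `Transport` header of RFC 2326), so an RTSP-aware firewall has to read that header before it can admit the media streams; without it, the UDP ports must be allowed some other way or the stream must run over the TCP control connection. The sketch below is an added example, not code from this thread or from Cisco; the host name, port numbers and function names are constructed for illustration.

```python
import re

# Constructed sample messages in RFC 2326 syntax (not captured traffic).
SETUP_REQUEST = (
    "SETUP rtsp://media.example.edu/lecture/track1 RTSP/1.0\r\n"
    "CSeq: 3\r\n"
    "Transport: RTP/AVP;unicast;client_port=4588-4589\r\n\r\n"
)
SETUP_REPLY = (
    "RTSP/1.0 200 OK\r\n"
    "CSeq: 3\r\n"
    "Session: 12345678\r\n"
    "Transport: RTP/AVP;unicast;client_port=4588-4589;server_port=6256-6257\r\n\r\n"
)
PORT_PARAM = re.compile(r"\s*(client_port|server_port)=(\d+)(?:-(\d+))?\s*")

def transport_ports(message):
    """Return {'client_port': (lo, hi), ...} from an RTSP Transport header."""
    ports = {}
    for line in message.split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "transport":
            continue
        for param in value.split(";"):
            m = PORT_PARAM.fullmatch(param)
            if not m:
                continue
            lo = int(m.group(2))
            hi = int(m.group(3)) if m.group(3) else lo
            if not (0 < lo <= hi <= 65535):
                raise ValueError(f"bad port range in {param!r}")
            ports[m.group(1)] = (lo, hi)
    return ports

def pinholes(reply):
    """(server_port, client_port) UDP pairs implied by one 200 OK SETUP reply."""
    status = reply.split("\r\n", 1)[0].split()
    if len(status) < 2 or status[0] != "RTSP/1.0" or status[1] != "200":
        return []  # requests and error replies negotiate nothing
    p = transport_ports(reply)
    if "client_port" not in p or "server_port" not in p:
        return []  # e.g. interleaved (TCP) transport: no extra ports needed
    (c_lo, c_hi), (s_lo, s_hi) = p["client_port"], p["server_port"]
    # Pair RTP with RTP and RTCP with RTCP, stopping at the shorter range.
    return list(zip(range(s_lo, s_hi + 1), range(c_lo, c_hi + 1)))

if __name__ == "__main__":
    print(pinholes(SETUP_REPLY))
```

The ports change with every session, which is why a static access list cannot match them narrowly and why the header is parsed per connection.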
