Supports multimedia with or without NAT

Additional UDP or TCP high ports may be opened

©2000, Cisco Systems,

Multimedia applications may transmit requests on TCP, get responses on UDP or TCP, use dynamic ports, use the same port for source and destination, and so on. Every application behaves differently, so supporting all multimedia applications with a single secure method is very difficult. Two examples of multimedia applications are given below:

■ RealAudio sends the originating request to TCP port 7070. The RealAudio server replies with multiple UDP streams anywhere from UDP port 6970 through 7170 on the client machine.

■ The CUseeMe client sends the originating request from TCP port 7649 to TCP port 7648. The CUseeMe datagram is unique in that it includes the legitimate IP address in the header as well as in the payload, and sends responses from UDP port 7648 to UDP port 7648.

The PIX Firewall dynamically opens and closes UDP ports for secure multimedia connections. You do not need to open a large range of ports, which would create a security risk, and you do not have to reconfigure any application clients.
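The following added example (a simplified model written for this page, not PIX Firewall code or configuration) contrasts a static rule that leaves the whole RealAudio UDP range open with pinholes that exist only while a client's TCP 7070 control connection is live. The class and function names, the sample addresses, and the policy details (admitting UDP only from the contacted server, and closing the pinhole when the TCP connection closes) are assumptions made for illustration.

```python
# Added illustration: a simplified model, not PIX Firewall code.
from dataclasses import dataclass, field

REALAUDIO_CTRL_PORT = 7070               # TCP control port (from the text)
REALAUDIO_UDP_RANGE = range(6970, 7171)  # UDP 6970-7170 on the client (from the text)


def static_rule_allows(dst_port):
    """Static alternative: the whole UDP range is open to any source, always."""
    return dst_port in REALAUDIO_UDP_RANGE


@dataclass
class DynamicPinholes:
    """Tracks control sessions and admits UDP only for a live session."""
    sessions: set = field(default_factory=set)   # (client_ip, server_ip)

    def outbound_tcp(self, client, server, dst_port):
        # An inside client opening the control connection creates the pinhole.
        if dst_port == REALAUDIO_CTRL_PORT:
            self.sessions.add((client, server))

    def tcp_closed(self, client, server):
        # Assumed policy: closing the control connection removes the pinhole.
        self.sessions.discard((client, server))

    def inbound_udp_allowed(self, src, dst, dst_port):
        # Admit only the contacted server, to the requesting client, in range.
        return (dst, src) in self.sessions and dst_port in REALAUDIO_UDP_RANGE


def demo():
    """Run constructed traffic (documentation addresses) through both models."""
    client, server, stranger = "192.0.2.10", "198.51.100.5", "203.0.113.66"
    fw = DynamicPinholes()
    results = {"before_session": fw.inbound_udp_allowed(server, client, 6970)}
    fw.outbound_tcp(client, server, REALAUDIO_CTRL_PORT)
    results["server_stream"] = fw.inbound_udp_allowed(server, client, 7000)
    results["stranger"] = fw.inbound_udp_allowed(stranger, client, 7000)
    results["out_of_range"] = fw.inbound_udp_allowed(server, client, 8000)
    fw.tcp_closed(client, server)
    results["after_close"] = fw.inbound_udp_allowed(server, client, 7000)
    results["static_open_ports"] = sum(static_rule_allows(p) for p in range(65536))
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The static rule exposes 201 UDP ports on the client to every source at all times, while the dynamic model admits traffic only from the contacted server and only for the life of the session.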

Also, the PIX Firewall supports multimedia with or without NAT. Many firewalls that cannot support multimedia with NAT limit multimedia usage to only registered users, or require exposure of inside IP addresses to the Internet. Lack of support for multimedia with NAT often forces multimedia vendors to join proprietary alliances with firewall vendors to accomplish compatibility for their applications.
