Okay, I have been on the phone with Checkpoint support, as well as tried
various combinations of rules allowing known QuickTime ports....and I have NOT
been able to get QuickTime to work using port 554 (RTSP). HTTP works for me
since I do not have the proxy, but the authenticated proxy we use for our
machines causes THAT to be a problem, since NO Apple Apps handle proxies well
(authenticated proxies make it even worse). For instance AppleWorks totally
does not see the proxy exceptions to make the clipart and web based templates
work...a real problem which I addressed at WWDC during some talkback forums.
ANYWAYS
DOES ANYONE have QuickTime clients working via rules in a CHECKPOINT Firewall NG
(FP 1) on Windows 2000 Server scenario for both clients in a hidden NAT
network, or a server within your DMZ (using real IP address) for internet
clients?
Everything works on port 80 as that is what it is designed for....but that is
not what I want....
I know this is a firewall issue, as I see traffic returning to my network and
being dropped by my any/firewall/any/drop rule..I have RealAudio and Windows
Media Player working with rules since we know ANY doesn't ALWAYS mean ANY per
Checkpoint documentation...
The firewall is thinking the server response is not a return communication from
a client but an un-initiated communication which is being dropped. I know what
ports are being used, so please unless you have this working in this scenario
or feel you have relevant information on making this work in this
scenario...please do not respond with the basic info or Apple's or Checkpoint's
knowledgebase stuff...or QuickTime help pages as I have scoured all that and,
although there is other good info, there is nothing that works for me.
I have seen (using a packet sniffer) that the return packets are using the
SOURCE port 6970, and I have tried creating objects to accommodate this...with
no luck...outgoing communication is working but (when trying to view the WWDC
Keynote) the UDP communication coming back is being dropped. I can see this
repeatedly in the firewall logs. The source is Apple's network, the
destination is my firewall, not the end client, which is why the packets are
being dropped.
Thank you for any information that can be had....if I find out what is going on, I
will post the info here....I am also making this plea (as I have times before)
on the checkpoint list.....
Thank you again
-Mike
_________________________________________
Michael Perbix
Lower Merion School District
Telecommunications Specialist
(610) 645-1964 phone
(610) 896-2019 fax