Question : Allowing port 1935 streaming media traffic

An audio/visual contractor will be filming an event at our company, and streaming this live to the web.  They will be using our onsite internet connection to connect to their Flash Media Server at an offsite location, and have requested that I open port 1935 to allow this traffic.

We have a SonicWall 2400 firewall, and I added these rules:

WAN > LAN 33 Any Any RTMP TCP
WAN > LAN 32 Any Any RTMP UDP

("RTMP TCP" and "RTMP UDP" are custom services I created in the SonicWall - port range for both is 1935 - 1935).

Then ran this test:

http://kb2.adobe.com/cps/164/tn_16466.html

Results:

RTMP              DEFAULT    TimeOut
RTMP              80         Failed
RTMP              443        Failed
RTMP              1935       Failed
HTTP Tunneling    DEFAULT    Failed
HTTP Tunneling    80         Failed

I then temporarily disabled IPS to see if that helped, and still failed this Adobe test.

A packet trace on the SonicWall shows this:

Time  Ingress  Egress  Source IP  Destination IP  Ether Type  Packet Type  Ports[Src, Dst]  Status  Length

1642 06/03/2010 16:31:02.864 X0*(i) X1 192.168.0.97 216.104.212.40 IP TCP 8033,80 FORWARDED 62[62]
1643 06/03/2010 16:31:02.864 X0*(i) X1 192.168.0.97 216.104.212.40 IP TCP 8034,80 FORWARDED 62[62]
1687 06/03/2010 16:31:03.112 X0*(i) X1 192.168.0.97 216.104.212.40 IP TCP 8035,1935 FORWARDED 62[62]
1688 06/03/2010 16:31:03.112 X0*(i) X1 192.168.0.97 216.104.212.40 IP TCP 8036,443 FORWARDED 62[62]
1720 06/03/2010 16:31:03.208 X0*(i) X1 192.168.0.97 216.104.212.40 IP TCP 8037,80 FORWARDED 62[62]
1721 06/03/2010 16:31:03.208 X0*(i) X1 192.168.0.97 216.104.212.40 IP TCP 8038,1935 FORWARDED 62[62]

Unless I'm screwing up the packet capture, I'm not seeing any traffic from 216.104.212.40 back in to the firewall.  I'm not seeing any dropped packets either from that address, or any that reference port 1935.

Thanks.

Answer : Allowing port 1935 streaming media traffic

Your contractor will be creating an OUTGOING request on port 1935 to their server I am guessing. I think this test is testing a request for an incoming stream. Try reversing the rules for the test.
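
The check the question does by eye on the SonicWall packet trace (packets forwarded out toward 216.104.212.40, nothing seen coming back), written as a script. This is an added example, not part of the original posts; it assumes the 12-column row layout of the trace quoted in the question, and the function names `parse_row` and `unanswered_flows` are hypothetical.

```python
from collections import defaultdict

# Trace rows copied from the question's SonicWall packet capture.
TRACE = """\
1642 06/03/2010 16:31:02.864 X0*(i) X1 192.168.0.97 216.104.212.40 IP TCP 8033,80 FORWARDED 62[62]
1643 06/03/2010 16:31:02.864 X0*(i) X1 192.168.0.97 216.104.212.40 IP TCP 8034,80 FORWARDED 62[62]
1687 06/03/2010 16:31:03.112 X0*(i) X1 192.168.0.97 216.104.212.40 IP TCP 8035,1935 FORWARDED 62[62]
1688 06/03/2010 16:31:03.112 X0*(i) X1 192.168.0.97 216.104.212.40 IP TCP 8036,443 FORWARDED 62[62]
1720 06/03/2010 16:31:03.208 X0*(i) X1 192.168.0.97 216.104.212.40 IP TCP 8037,80 FORWARDED 62[62]
1721 06/03/2010 16:31:03.208 X0*(i) X1 192.168.0.97 216.104.212.40 IP TCP 8038,1935 FORWARDED 62[62]
"""

def parse_row(line):
    """Parse one trace row into a dict, or return None if it is not a packet row."""
    f = line.split()
    if len(f) != 12 or "," not in f[9]:
        return None
    sport, dport = (int(p) for p in f[9].split(","))
    return {"src": f[5], "dst": f[6], "sport": sport, "dport": dport,
            "proto": f[8], "status": f[10]}

def unanswered_flows(trace):
    """Group flows that have no packet in the reverse direction, by destination port.

    Assumption: a reply appears with the exact reversed address/port tuple.
    If the capture records replies addressed to the WAN IP (before NAT is
    undone), map that address back to the LAN host first.
    """
    rows = [r for r in map(parse_row, trace.splitlines()) if r]
    seen = {(r["src"], r["sport"], r["dst"], r["dport"]) for r in rows}
    result = defaultdict(list)
    for r in rows:
        reverse = (r["dst"], r["dport"], r["src"], r["sport"])
        if reverse not in seen:
            result[r["dport"]].append((r["src"], r["sport"], r["dst"], r["status"]))
    return dict(result)

if __name__ == "__main__":
    for port, flows in sorted(unanswered_flows(TRACE).items()):
        print(f"dst port {port}: {len(flows)} flow(s) forwarded out, no reply seen")
        for src, sport, dst, status in flows:
            print(f"  {src}:{sport} -> {dst}:{port} [{status}]")
```

Every flow in the quoted trace is reported as unanswered, which matches the question's observation: the firewall forwarded the outbound packets and the capture contains no return traffic from the test server.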