[fw-wiz] Checkpoint and RTSP NAT



Hi everyone,

I'm having a problem with RTSP clients on my network trying to reach servers
on the internet. The clients are behind a Checkpoint NGX firewall doing NAT.
Capturing packets, I saw that the NAT in the Checkpoint box is the problem.
The firewall does NOT change the "client_ports" parameter in the response
packet from the server when de-NATing the packet:

Client to server Transport field of RTSP packet:
Transport: RTP/AVP;unicast;client_port=6970-6971;mode=play,RTP/AVP/TCP;unicast;mode=play

Server response to client:
Transport: RTP/AVP;unicast;source=72.14.209.177;client_port=59598-59599;server_port=10580-10581;ssrc=6DF21148

Does anyone know if Checkpoint NGX can be aware of RTSP when using NAT,
and change the payload of the response packet?

Thanks,
Pedro Mazzoni
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
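
A check for the symptom described in the message above, added here as an example and not part of the original post: it parses the two Transport header values quoted there and reports whether the client_port in the response matches one the client offered. The function names are hypothetical, and both headers are assumed to come from a capture on the client side of the NAT device.

```python
import re

def parse_transport(value):
    """Split an RTSP Transport header value into transport specs.

    Specs are comma separated; parameters inside a spec are semicolon
    separated. Returns a list of (protocol, params) tuples.
    """
    value = re.sub(r"^\s*Transport:\s*", "", value, flags=re.I)
    specs = []
    for raw in value.split(","):
        parts = [p.strip() for p in raw.split(";") if p.strip()]
        if not parts:
            continue
        params = {}
        for part in parts[1:]:
            key, _, val = part.partition("=")
            params[key.lower()] = val
        specs.append((parts[0].upper(), params))
    return specs

def client_ports(value):
    """Return every client_port range in the header as (low, high) ints."""
    ranges = []
    for _, params in parse_transport(value):
        m = re.fullmatch(r"(\d+)(?:-(\d+))?", params.get("client_port", ""))
        if m:
            low = int(m.group(1))
            ranges.append((low, int(m.group(2) or low)))
    return ranges

def check_setup_pair(request, response):
    """Compare client_port offered in a request with the one in the response.

    A response without client_port (for example interleaved TCP) has
    nothing to compare and is reported as consistent.
    """
    offered = client_ports(request)
    returned = client_ports(response)
    return {"offered": offered, "returned": returned,
            "consistent": all(r in offered for r in returned)}

# Header values quoted in the post (client-side capture).
REQUEST = ("RTP/AVP;unicast;client_port=6970-6971;mode=play,"
           "RTP/AVP/TCP;unicast;mode=play")
RESPONSE = ("RTP/AVP;unicast;source=72.14.209.177;client_port=59598-59599;"
            "server_port=10580-10581;ssrc=6DF21148")

if __name__ == "__main__":
    print(check_setup_pair(REQUEST, RESPONSE))
```
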

