Live Production Software Forums


mluired  
#1 Posted : Saturday, August 29, 2020 6:11:22 AM(UTC)

Hi colleagues.

I am encountering problems using Vmix call in corporate network with restricted firewall rules.

Considering below requirements, we are only allowing outbound connection using 10349 TCP port but no inbound traffic is allowed for now as for us it is risky from security standpoint.

NETWORK REQUIREMENTS INCLUDED IN Vmix documentation:
TURN/STUN: Port 10349 UDP/TCP
Video/Audio Streams: Dynamic Port Allocation UDP - 49152-65535

My questions are the following:
- Is it possible to make vmix call work in a corporate network with restrictive firewall rules?
- Is there any way for vmix to work without having to open a huge number of inbound traffic ports?
- Is it possible to distinguish between legitimate traffic from vmix servers and illicit traffic somehow? By using tcp/udp headers data? We want to filter traffic by using application control in firewall with specific signatures if possible as it is not possible to limit IPs/FQDNs at firewall level.
- We are testing only with outbound traffic connection and allowing 10349 TCP port but vmix is using 443 port instead. Is the information provided by vmix in the documentation accurate?
- What is the difference between Point-to-point connection and not P2P in terms of network requirements? Are the requirements the same?

Thanks colleagues for your help.
Regards.
DaveT  
#2 Posted : Thursday, September 3, 2020 7:40:48 AM(UTC)
vmixcall.com (the webpage itself) uses port 443 (HTTPS). The connection of the call within it uses 10349 (if p2p isn't available).

I'd try opening up UDP on 10349 as well and see if it helps.

Our normal firewalls absolutely block inbound ports, but no issues w/ 10349 TCP/UDP outbound being opened up.

DT
mavik  
#3 Posted : Thursday, September 3, 2020 11:48:27 PM(UTC)
Is it possible to make vmix call work in a corporate network with restrictive firewall rules?
YES

Is there any way for vmix to work without having to open a huge number of inbound traffic ports?
YES, vmixcall (WebRTC) is working with a signaling server to make the two partners' IP addresses available. If a direct P2P connection is not possible (firewall/proxy/NAT) it will use the TURN server.

Is it possible to distinguish between legitimate traffic from vmix servers and illicit traffic somehow?
You can use Wireshark to analyse the packets.

What is the difference between Point-to-point connection and not P2P in terms of network requirements? Are the requirements the same?
P2P needs open UDP ports on both sides to be successful. The fallback is TURN. There, both sides just have traffic with the TURN server.
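
On the question of telling TURN/STUN traffic apart by header data, here is an added example (not part of the thread and not vMix code) of the check an application-control signature or a Wireshark dissector applies to a packet payload, based on the RFC 5389 STUN header and RFC 5766 ChannelData framing. It assumes the traffic on port 10349 is unencrypted STUN/TURN, which should be confirmed with a capture; the sample payloads are constructed.

```python
import struct

MAGIC_COOKIE = 0x2112A442  # fixed value in every RFC 5389 STUN header
METHODS = {0x001: "Binding", 0x003: "Allocate", 0x004: "Refresh",
           0x006: "Send", 0x007: "Data", 0x008: "CreatePermission",
           0x009: "ChannelBind"}
CLASSES = ["request", "indication", "success", "error"]


def classify(payload: bytes) -> dict:
    """Classify one UDP payload (or one TCP-framed message) as STUN/TURN."""
    if len(payload) >= 4 and 0x40 <= payload[0] <= 0x7F:
        # TURN ChannelData: channel number 0x4000-0x7FFF, then 16-bit length.
        # Weak signal on its own; trust it only on a flow that already
        # carried a valid STUN message to the same server.
        channel, length = struct.unpack("!HH", payload[:4])
        if length <= len(payload) - 4:
            return {"kind": "turn-channeldata", "channel": channel}
        return {"kind": "other"}
    if len(payload) < 20:  # STUN header is exactly 20 bytes
        return {"kind": "other"}
    msg_type, length, cookie = struct.unpack("!HHI", payload[:8])
    # Top two bits zero, attribute length a multiple of 4, cookie matches
    if msg_type & 0xC000 or length % 4 or cookie != MAGIC_COOKIE:
        return {"kind": "other"}
    if length > len(payload) - 20:  # declared attributes exceed the packet
        return {"kind": "other"}
    # Method and class bits are interleaved in the 14-bit message type
    method = (msg_type & 0x000F) | ((msg_type & 0x00E0) >> 1) | ((msg_type & 0x3E00) >> 2)
    cls = ((msg_type & 0x0010) >> 4) | ((msg_type & 0x0100) >> 7)
    return {"kind": "stun", "method": METHODS.get(method, hex(method)),
            "class": CLASSES[cls]}


# Constructed sample payloads (not captured from vMix Call)
SAMPLES = {
    "allocate": struct.pack("!HHI12s", 0x0003, 0, MAGIC_COOKIE, bytes(12)),
    "binding_ok": struct.pack("!HHI12s", 0x0101, 0, MAGIC_COOKIE, bytes(12)),
    "channeldata": struct.pack("!HH", 0x4001, 4) + b"\x80\x00\x00\x01",
    "tls_hello": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03" + bytes(32),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:12s} {classify(data)}")
```

If the relay connection is wrapped in TLS, none of these fields are visible on the wire and only the destination and port can be matched.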