Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.

SEP - Firewall exeption not quite getting it (RTSP/video/IP-CCTV)....

Created: 18 Apr 2013 • Updated: 19 Apr 2013 | 10 comments
This issue has been solved. See solution.

Hi, and thanks in advance for your help.

I'm helping someone who has a small LAN and an IP based CCTV system, and SEP running with a management console pushing out all settings.  I am a techie, familiair with firewalls, IT and management consoles, but I can't figure this out!

The CCTV system works via an ActiveX download in Internet Explorer.  I have no idea how the Active X application works, but he website (http) is on port 6200, and the video stream (RTSP) is on port 5554.  We've NAT'd and port forwarded these ports from the router/hardware firewall.  Any client, on LAN or Internet (without SEP) on work fine.

So my laptop (no SEP) connects on the LAN quite happily and video streams.

For clients with SEP, the website and activeX download is fine, but no live video is streamed.

Clients with SEP also don't work externally, suggesting SEP is the problem

 

Anyway, on the mangement console, I've created new allow rules for TCP 6200,5554 and UDP 6200,5554 as local, and anther rule with the same as remote (as local didn't work), and then (I think) applied the policy to all devices, then got the laptop to "update policy" and the console shows the policy timestamp correctly - so assume it applied.

But it didn't work.

What am I doing wrong?  I don't know if the live video requires "incoming" on port 5554 to receive a broadcast stream, or "outgoing" to connect to the CCTV and pull it?  

Any ideas on how this needs to be set up?  I have probably mis-understood the SEP terminology.

Thanks for any advice

(PS - I'm reading the manual pages and happy to set things up and I know what things are, just don't know exactly what I need for this situation) 

 

Thx

Operating Systems:

Comments 10 CommentsJump to latest comment

.Brian's picture

If you can post the Traffic log than we can figure it out. Make sure to note the time the block occurred so we can narrow it down.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Marmite_on_toast's picture

OK.  How can that be activated on a single client?  I've seen the log function for specific rules, but if there is a "log all" button (then try to run it) then "stop log" button - please let me know.

(I've only played with SEP for a short time)

.Brian's picture

You can open the traffic log on the client and export it. There is the ootion to do so at top left.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Marmite_on_toast's picture

OK - I will action that next time I'm passing, may not be for a few days.  (didn't know the option was there)

Marmite_on_toast's picture

Hi

The logs don't seem to show anything being blocked :(

I've run the "disable sep" command and the ActiveX still doens't work... 

When the IE is launched/running, even if firewall says "pop up balloon when program blocked" - nothing pops up or is shown. 

Not quite sure how it works, but nothing reported.  (other general blocks are)

Any way to disable SEP totally for a short duration?

Of course, this issue may be double-headed with multiple faults, but it seems strange my laptop (and others) work remotely and on LAN, and anything with SEP on don't work on LAN or remotely.

Any other suggestion appreciated. Is there a more aggressive log?  (not too aggressive as I'm accessing via Logmein to get this sussed)

.Brian's picture

Right clicking and selecting "Disable SEP" will turn off the firewall allowing all traffic to pass. This should be effective enough to determine if the cause was the firewall.

Could IE be blocking the active X component?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Marmite_on_toast's picture

The ActiveX is definately loading....  And its on 2 desktops and a laptop all with same behviour (with SEP on).  Any other device without SEP works fine.  So SEP is a common element - BUT OF COURSE something else may be too....

I would blame the LAN/BT hub - but my laptop was plugged into the same netgear switch as the PCs with SEP, so it can't be switch/hub security.

If "Disable SEP" does turn off all firewall functions then it is unlikely to be the SEP firewall.

Does SEP have a component that blocks Active-X, or Active-X network control?

FYI - my laptop and the BT hub only record ports 6200 and 5554 passing through (so "incoming" to the cctv unit).  netstat -a shows these as established

The only other common factor is these computers HAD Norton 360 on, but that was cleanly removed before SEP was installed.

Marmite_on_toast's picture

Well....

Disabled all Symantec IE add ins

Disabled SEP firewall (right click disable on task bar icon)

Removed active-X viewers

Reinstalled....

and nothing.

 

netstat -a on the client shows "established" ports between PC and CCTV unit on ports 6200 and 5554, but nothing streaming through.

May not be a SEP issue then, but why just the machines with SEP on?

 

Any suggestions, no matter now silly would be apprecaited as I'm out of ideas....

 

Marmite_on_toast's picture

Ah....

Just noticed its (and probably all clients there) are on IE10.....

I run IE9 as IE10 doesn't work properly with Sharepoint online.

I'll just test on a lab W7/IE10......

Marmite_on_toast's picture

lol!

Sorry, nothing to do with SEP.

It was IE10. 

Works fine in IE9, but not IE10  In IE10, click "compatibility" and it works fine.

Sorry to bother you all :)

SOLUTION