Ok, Fortinet has found and resolved the problem. The fix should be in 3.0 MR7 Patch 6 which is tentatively scheduled for sometime in June. Here is a link to the original problem description.
When LiveMeeting initiates a video session it uses STUN. However STUN is generally used in the initial stages of communication to determine the external IP address of an internal client. Then some random ports are opened for the data stream.
Microsoft however uses STUN throughout the entire LiveMeeting video session to not only determine the external IP of your client but to also pass the data stream.
The IPS feature of the firewall was killing the STUN data stream because it was open "too long" since the IPS was not expecting STUN to be used to pass the actual data. Of course the next STUN packet from the internal client would open another outbound port but with a different externally mapped source port which in turn breaks the video stream.
As I mentioned this has been fixed and the branch build we have from Fortinet works like a champ. Thanks Bryan and team. Great job up there in Vancouver for getting to the bottom of this so quickly :)
No comments:
Post a Comment