TMS zl Management and Configuration Guide ST.1.0.090213

Firewall
Application-Level Gateways
rpc
The RPC ALG:
  • interprets the following message types:
      - CALL — Contains the RPC transaction ID.
      - REPLY — Contains the RPC transaction ID that is sent by the client
        and the protocol and port number on which the data connection is to
        be established.
      - ACCEPT — Specified in the reply message, this type means that the
        server has accepted the call.
  • extracts the port and protocol information in the reply message from the
    server and opens associations for the data-transfer connection.
  • performs the following functionality:
      - Application-control filters — If application-control support is
        enabled in the firewall for the RPC connection, the ALG extracts the
        RPC program number from the payload. The extracted program number is
        validated against the application-control configuration, and based on
        that, it is allowed or denied.
rtspv4
RTSP controls a stream that might be sent over a separate protocol. For
example, RTSP control may occur on a TCP connection while the data flows
via UDP. In this protocol, the client initiates a connection to the server on
TCP 554. The client and server then exchange a series of requests and
responses. The RTSP client and server mutually negotiate the transport
parameters (such as lower transport, unicast or multicast, source, destination,
port, and so on) through the SETUP request and response.

The SETUP request contains a transport header that may contain a number of
transports that are acceptable to the client for data transmission.
The RTSP ALG:
  • reads SETUP requests in the control-connection payloads and checks for
    the following strings in the payload:
      - client_port
      - server_port
  • opens data associations to permit audio and/or video data transfers
    through the firewall according to the information in the above strings.
  • translates port information according to NAT policies.
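
The SETUP parsing described above, as an added Python example; it is not code from this guide or from the TMS zl Module. The function names, the MAX_PORTS limit, and the sample payloads are assumptions made for illustration. It extracts client_port and server_port from the Transport header, rejects invalid or overly wide port ranges, and binds each data association to the endpoints of the control connection.

```python
import re

# Constructed SETUP exchange (not captured traffic); addresses are documentation ranges.
SETUP_REQUEST = ("SETUP rtsp://198.51.100.10/media/track1 RTSP/1.0\r\nCSeq: 2\r\n"
                 "Transport: RTP/AVP/TCP;interleaved=0-1,"
                 "RTP/AVP;unicast;client_port=5000-5001\r\n\r\n")
SETUP_RESPONSE = ("RTSP/1.0 200 OK\r\nCSeq: 2\r\nSession: 12345678\r\n"
                  "Transport: RTP/AVP;unicast;client_port=5000-5001;"
                  "server_port=6970-6971\r\n\r\n")

PORT_PARAM = re.compile(r"(client_port|server_port)=(\d{1,5})(?:-(\d{1,5}))?")
MAX_PORTS = 2  # assumed policy: one RTP/RTCP pair per transport, never a wide range


def transport_ports(payload):
    """Return one dict per transport spec that carries valid port parameters."""
    found = []
    for line in payload.split("\r\n")[1:]:      # skip the request/status line
        if not line:
            break                               # blank line ends the headers
        name, _, value = line.partition(":")
        if name.strip().lower() != "transport":
            continue
        for spec in value.split(","):           # client may offer several transports
            ports = {}
            for param in spec.strip().split(";"):
                m = PORT_PARAM.fullmatch(param.strip())
                if not m:
                    continue
                lo = int(m.group(2))
                hi = int(m.group(3) or lo)
                if 1 <= lo <= hi <= 65535 and hi - lo < MAX_PORTS:
                    ports[m.group(1)] = (lo, hi)
            if ports:
                found.append(ports)
    return found


def data_associations(client_ip, server_ip, response):
    """UDP flows (server to client) to permit, bound to the control connection's endpoints."""
    flows = []
    for ports in transport_ports(response):
        if "client_port" in ports and "server_port" in ports:
            flows.append(("udp", server_ip, ports["server_port"],
                          client_ip, ports["client_port"]))
    return flows
```

A header such as client_port=1-65535 yields no association here, because the range check fails before any pinhole is derived.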