
Skyhigh Security

Flash Videos (via RTMP) do not play

What is RTMP?

Real Time Messaging Protocol (RTMP) is a proprietary protocol developed by Macromedia, now owned by Adobe, for streaming media over the internet using a Flash player and server.

NOTE: Not all Flash video uses RTMP. For example, YouTube and many other sites don't. However, some do, and this article is meant to help you understand why RTMP may not stream in your environment.

Troubleshooting

Why Won't Flash Videos Play In My Environment?

The answer actually has two parts:

  1. When streaming using RTMP, Flash Player does not honor browser proxy settings and will attempt to connect to the server directly. It will first attempt to connect on port 1935, which is most commonly blocked in a corporate environment. It does have the ability to downgrade to RTMPT (RTMP Tunneled), which uses RTMP data encapsulated in HTTP on port 80, but it will often still attempt to connect directly to the server. In our experience, most servers don't seem to be configured to allow this fallback over ports 80 or 443. The best solution is to allow port 1935.
  2. Since this is a proprietary protocol, and is not HTTP, you cannot simply port forward this traffic over to the Web Gateway. The Web Gateway is an HTTP proxy and will respond with a '400 Bad Request' if it does not receive valid HTTP.

How Can I Tell if the Video is Using RTMP?

The easiest way is to run Wireshark on the client while you attempt to stream the video and use the filter "tcp.port eq 1935". I am using a video from http://www.history.com for my example.

If you don't see any traffic on port 1935, there's a good chance that the site is first negotiating the connection directly over port 80 and/or 443. Again, this connection does not honor browser settings, so it may fail if you block users from connecting directly out on these ports. Similarly, if you are in a transparent environment, such as WCCP, and forward port 80 and 443 traffic to the Web Gateway, this negotiation will fail as it is not valid HTTP traffic. Notice the lack of HTTP headers in the following screenshot:
[Screenshot: packet capture of the negotiation, showing no HTTP headers]

Unfortunately, there is no way to make this work with the Web Gateway as it is not HTTP.
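
To show why this negotiation fails at an HTTP proxy, here is an added example (not Skyhigh code and not part of the original article) that labels the first client payload of a flow the way you would when reading the capture by hand. The handshake layout (a 0x03 version byte followed by a 1536-byte chunk) and the RTMPT URL paths are the commonly documented ones, not taken from this page, and the sample payloads are constructed.

```python
import re

# HTTP/1.x request line: METHOD SP target SP HTTP/1.x CRLF
_REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]\r\n")
# RTMPT wraps RTMP in HTTP POSTs to these paths (assumption: commonly documented).
_RTMPT_PATH = re.compile(rb"^/(open|send|idle|close)/\d+")
RTMP_VERSION = 0x03   # C0: single version byte the client sends first
C1_LEN = 1536         # C1: handshake chunk that follows C0


def classify_first_payload(data: bytes) -> str:
    """Label the first client-to-server payload of a TCP flow."""
    m = _REQUEST_LINE.match(data)
    if m:
        method, target = m.group(1), m.group(2)
        if method == b"POST" and _RTMPT_PATH.match(target):
            return "rtmpt"   # RTMP encapsulated in HTTP
        return "http"
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls"         # TLS handshake record, as expected on port 443
    if data and data[0] == RTMP_VERSION:
        # Heuristic: no request line and a leading 0x03 byte. The payload may
        # be C0 alone or C0+C1 split across segments, so length is not checked.
        return "rtmp"
    return "unknown"


def parses_as_http(data: bytes) -> bool:
    """True if an HTTP proxy would find a request line to parse."""
    return classify_first_payload(data) in ("http", "rtmpt")


# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "raw RTMP on 80/1935": bytes([RTMP_VERSION]) + bytes(C1_LEN),
    "RTMPT open": b"POST /open/1 HTTP/1.1\r\nContent-Type: application/x-fcs\r\n\r\n",
    "plain HTTP": b"GET /video.flv HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "TLS ClientHello": b"\x16\x03\x01\x02\x00\x01",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        label = classify_first_payload(payload)
        verdict = "parsed as HTTP" if parses_as_http(payload) else "not HTTP"
        print(f"{name:22} -> {label:7} ({verdict})")
```

A flow labelled `rtmp` on port 80 is the case described above: the payload has no request line, so the Web Gateway has nothing to parse and answers with '400 Bad Request'.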

Tunneling RTMP in a Transparent Setup

It is possible to tunnel RTMP traffic through the Web Gateway in a transparent setup. When tunneling the traffic, Web Gateway is only able to provide basic security controls (like URL Filtering). An example of this can be found in this Community discussion:

Conclusion

Hopefully, you now have a starting point for troubleshooting Flash video errors. If you wish to allow RTMP in your environment, you will typically need to open up port 1935 outbound on your firewall for your users when using direct proxy, or find a way to make the traffic go direct if in a transparent environment.