Flash video streaming does not work through the ProxySG appliance . It tries to load for a while and then shows an error "server not found" or "connection timed out." This occurs with embedded flash videos that use RTMP over port 1935.
This problem can occur in an explicit deployment with an explicit IP address or a PAC file, or in transparent deployments.
Verify you have a Flash license. To verify that you have a valid Flash license, select:
If you do not have a Flash license, contact the Symantec Customer Care for help.
In an explicit deployment, you need to make sure that Flash traffic is passing through the appliance. Some websites that have embedded flash streaming video don't look at the browser's proxy configuration or PAC file settings. Instead, they try to connect directly over the default gateway configured on the client workstation.
The easiest way to isolate this problem is to take a packet capture on the client workstation that is unable to play Flash video; follow the traffic over port 1935. If Flash traffic is passing through them the packet capture will look similar to the one below.
In this example, Destination URL: http://www.globaltv.com, Client IP: 10.167.0.138, IP: 10.169.3.131.
If the browser's proxy configuration or PAC file settings are not being used, the packet capture will show that it's taking the default gateway settings on the client workstation and then getting blocked on the firewall. Displaying the filter "tcp.port==1935" will show this.
In a transparent deployment, make sure that port 1935 is:
Intercepted on the appliance.
Redirected from the WCCP router.
Not closed on the firewall/default gateway.
One way to solve this problem is to open port 1935 and the destination IP on the firewall (assuming the IP is not a random IP address). Another option is to disable the HTTP handoff for Flash:
If videos still are not loading, you can configure static bypass rules as a temporary workaround. You can set up the destination IP (where the Flash content is hosted) to be bypassed by the appliance:
Static Bypass List
Alternatively, you can configure a single client IP address as a static bypass for all destinations. If you are able to play the video using the workaround, call Symantec Technical Support for further troubleshooting.
Subscribing will provide email updates when this Article is updated. Login is required.