Firewall Assistance


Understanding Firewalls and Protocols
What Protocols are Used for Video Streaming?
What is Protocol Rollover?
Allocating Ports for Windows Media Services
Ports used by a unicast stream

Understanding Firewalls and Protocols

A firewall is a piece of hardware or software that prevents data packets from either entering or leaving a network. To control the flow of traffic, numbered ports in the firewall are either opened or closed to specific types of packets. The firewall reviews two pieces of information in each arriving or departing packet: the protocol through which the packet is being delivered and the port number to which it is being sent. If the firewall is configured to accept the specified protocol through the targeted port, the packet is allowed through.

What Protocols are Used for Video Streaming?

Microsoft® Windows Media® Services 9 Series uses two streaming media protocols to deliver content as a unicast stream to clients:

  • Real Time Streaming Protocol (RTSP)
  • Microsoft Media Server (MMS) protocol

These protocols support client control actions such as stopping, pausing, rewinding, and fast-forwarding indexed Windows Media files.

RTSP is an application-layer protocol that was created specifically to provide controlled delivery of real-time data, such as audio and video content. You can use RTSP to stream content to computers running Windows Media Player 9 Series or later, to clients that use the Windows Media Player 9 Series ActiveX® control, or to other computers running Windows Media Services 9 Series. RTSP works in tandem with Real-Time Transport Protocol (RTP) to format packets of multimedia content and negotiate the most efficient transport-layer protocol, either User Datagram Protocol (UDP) or Transmission Control Protocol (TCP), to use when delivering the stream to clients.

MMS is a proprietary application-layer protocol that was developed for earlier versions of Windows Media Services. You can use MMS to stream content to computers running Windows Media Player for Windows® XP or earlier.

Using HTTP

If ports on your firewall cannot be opened, Windows Media® Services can stream content by using Hypertext Transfer Protocol (HTTP) over port 80. HTTP can be used to deliver streams to all Windows Media Player versions.

What is Protocol Rollover?

If clients that support RTSP connect to a server running Windows Media® Services using an RTSP URL moniker (for example, rtsp://) or an MMS URL moniker (for example, mms://), the server uses protocol rollover to stream the content to the client. Automatic protocol rollover from RTSP/MMS to RTSP with UDP-based or TCP-based transports (RTSPU or RTSPT), or even HTTP, may occur as the server tries to negotiate the best protocol and provide an optimal streaming experience for the client. Clients that support RTSP include Windows Media Player 9 Series or later and other players that use the Windows Media Player 9 Series ActiveX control.

Earlier versions of Windows Media Player, such as Windows Media Player for Windows XP, do not support the RTSP protocol. However, the MMS protocol also provides protocol rollover support for these clients. Thus, when an earlier version of the Player attempts to connect to the server using an MMS URL moniker, automatic protocol rollover from MMS to MMS with UDP-based or TCP-based transports (MMSU or MMST), or even HTTP, may occur as the server tries to negotiate the best protocol and provide an optimal streaming experience for these clients.

To make sure that your content is available to all clients that connect to your server, ports on your firewall must be opened for all of the connection protocols that might be used during protocol rollover.

Be aware that users can disable streaming protocols in the property settings of Windows Media Player. If a user disables a protocol, it is skipped during rollover. For example, if HTTP is disabled, then URLs will not roll over to HTTP.

Allocating Ports for Windows Media Services

Most firewalls are used to control "inbound traffic" to the server; they generally do not control "outbound traffic" to clients. However, ports in your firewall for outbound traffic may be closed if a more stringent security policy is implemented on your server network. This section describes the default port allocation for Windows Media® Services for both inbound and outbound traffic (shown as "In" and "Out" in the tables) so that you can configure all ports as needed.

In some scenarios, outbound traffic may be directed to one port in a range of available ports. Port ranges shown in the tables indicate the entire range of available ports; however, you can allocate fewer ports within the port range. When deciding how many ports to open, balance security with accessibility by opening just enough ports to allow all clients to make a connection. As a starting point, determine how many ports you expect to use for Windows Media Services and then open 10 percent more to account for overlap with other programs. After you've established this number, monitor your traffic to determine if adjustments are necessary.

Port range restrictions potentially affect all remote procedure call (RPC) and Distributed Component Object Model (DCOM) applications that share the system, not just Windows Media Services. If the allocated port range is not broad enough, competing services such as IIS may fail with random errors. The port range must be able to accommodate all potential system applications that use RPC, COM, or DCOM services.

Ports used by a unicast stream

Application Protocol | Protocol | Port | Description
---------------------+----------+------+------------
RTSP | TCP | 554 (In/Out) | Used for accepting incoming RTSP client connections and for delivering data packets to clients that are streaming by using RTSPT.
RTSP | UDP | 5004 (Out) | Used for delivering data packets to clients that are streaming by using RTSPU.
RTSP | UDP | 5005 (In/Out) | Used for receiving packet loss information from clients and providing synchronization information to clients that are streaming by using RTSPU.
MMS | TCP | 1755 (In/Out) | Used for accepting incoming MMS client connections and for delivering data packets to clients that are streaming by using MMST.
MMS | UDP | 1755 (In/Out) | Used for receiving packet loss information from clients and providing synchronization information to clients that are streaming by using MMSU.
MMS | UDP | 1024-5000 (Out) | Used for delivering data packets to clients that are streaming by using MMSU. Open only the necessary number of ports.
HTTP | TCP | 80 (In/Out) | Used for accepting incoming HTTP client connections and for delivering data packets to clients that are streaming by using HTTP.
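
An added example (not part of the original page): a Python check that audits a firewall allow-list against the port table above, reporting which rollover transports are fully open and which allow rules serve none of the transports you intend to offer. The rule tuple format and the sample allow-list are constructed for illustration, and treating the TCP control port as required for the UDP transports is a reading of the table's "accepting incoming ... client connections" rows.

```python
# Added example: audit a firewall allow-list against the unicast port table.
# Requirement tuples: (ip_proto, low_port, high_port, directions needed)
REQUIRED = {
    "RTSPT": [("tcp", 554, 554, ("in", "out"))],
    "RTSPU": [("tcp", 554, 554, ("in", "out")),     # assumed: control connection
              ("udp", 5004, 5004, ("out",)),
              ("udp", 5005, 5005, ("in", "out"))],
    "MMST":  [("tcp", 1755, 1755, ("in", "out"))],
    "MMSU":  [("tcp", 1755, 1755, ("in", "out")),   # assumed: control connection
              ("udp", 1755, 1755, ("in", "out")),
              ("udp", 1024, 5000, ("out",))],       # any slice of the range counts
    "HTTP":  [("tcp", 80, 80, ("in", "out"))],
}

def overlaps(rule, proto, low, high, direction):
    """True if allow rule (direction, proto, low, high) opens a port in [low, high]."""
    r_dir, r_proto, r_low, r_high = rule
    return (r_dir == direction and r_proto == proto
            and r_low <= high and low <= r_high)

def usable_transports(rules):
    """Transports whose every requirement is open in every needed direction."""
    return [name for name, reqs in REQUIRED.items()
            if all(any(overlaps(r, p, lo, hi, d) for r in rules)
                   for p, lo, hi, dirs in reqs for d in dirs)]

def unneeded_rules(rules, wanted):
    """Allow rules that serve none of the wanted transports (candidates to close)."""
    needed = [(p, lo, hi, d) for t in wanted
              for p, lo, hi, dirs in REQUIRED[t] for d in dirs]
    return [r for r in rules
            if not any(overlaps(r, p, lo, hi, d) for p, lo, hi, d in needed)]

# Constructed allow-list: (direction, ip_proto, low_port, high_port)
SAMPLE_RULES = [
    ("in", "tcp", 554, 554), ("out", "tcp", 554, 554),
    ("out", "udp", 5004, 5004),    # UDP 5005 is missing, so RTSPU cannot complete
    ("in", "tcp", 80, 80), ("out", "tcp", 80, 80),
    ("out", "udp", 1024, 1123),    # 100-port slice of the MMSU data range
    ("in", "udp", 1755, 1755),     # inbound only, and TCP 1755 is closed
]

if __name__ == "__main__":
    print("usable transports:", usable_transports(SAMPLE_RULES))
    print("rules to review:", unneeded_rules(SAMPLE_RULES, ["RTSPT", "HTTP"]))
```

With the sample allow-list only RTSPT and HTTP survive rollover, so the three UDP rules are open ports that deliver nothing and can be closed or completed.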
