another streaming media site not working...

Hi there,

Some error messages or logs that show something like packetfilter or proxy logs would be really helpful as well as some info on what application you're trying to get to work and what exactly is not working.

In gerneral you should check IDS, packetfilter and proxy log for entries.

There is no visible error in the client bowser, she can get to the site but the streaming just does not start.

There is only one entry in the HTTP (to get to the site), nothing in the Packet Filter live log (at all), and the following in the IPS:

2010:04:27-08:43:03 rastro1-2 ulogd[22135]: id="2104" severity="info" sys="SecureNet" sub="ips" name="ICMP flood detected" action="ICMP flood" fwrule="60014" seq="0" initf="eth1" outitf="eth1" dstmac="00:1a:8c:f0:41:21" srcmac="00:00:00:00:00:00" srcip="213.198.54.80" dstip="192.139.126.240" proto="1" length="56" tos="0x00" prec="0x00" ttl="238" type="11" code="0" 
2010:04:27-08:43:03 rastro1-2 ulogd[22135]: id="2104" severity="info" sys="SecureNet" sub="ips" name="ICMP flood detected" action="ICMP flood" fwrule="60014" seq="0" initf="eth1" outitf="eth1" dstmac="00:1a:8c:f0:41:21" srcmac="00:00:00:00:00:00" srcip="87.238.81.25" dstip="192.139.126.240" proto="1" length="56" tos="0x00" prec="0x00" ttl="247" type="11" code="0" 
2010:04:27-08:43:04 rastro1-2 ulogd[22135]: id="2104" severity="info" sys="SecureNet" sub="ips" name="ICMP flood detected" action="ICMP flood" fwrule="60014" seq="0" initf="eth1" outitf="eth1" dstmac="00:1a:8c:f0:41:21" srcmac="00:00:00:00:00:00" srcip="213.144.15.5" dstip="192.139.126.240" proto="1" length="68" tos="0x00" prec="0xc0" ttl="55" type="3" code="3" 
2010:04:27-08:43:06 rastro1-2 ulogd[22135]: id="2104" severity="info" sys="SecureNet" sub="ips" name="ICMP flood detected" action="ICMP flood" fwrule="60014" seq="0" initf="eth1" outitf="eth1" dstmac="00:1a:8c:f0:41:21" srcmac="00:00:00:00:00:00" srcip="87.238.81.25" dstip="192.139.126.240" proto="1" length="56" tos="0x00" prec="0x00" ttl="247" type="11" code="0" 
2010:04:27-08:43:06 rastro1-2 ulogd[22135]: id="2104" severity="info" sys="SecureNet" sub="ips" name="ICMP flood detected" action="ICMP flood" fwrule="60014" seq="0" initf="eth1" outitf="eth1" dstmac="00:1a:8c:f0:41:21" srcmac="00:00:00:00:00:00" srcip="129.250.24.194" dstip="192.139.126.240" proto="1" length="56" tos="0x00" prec="0x00" ttl="240" type="11" code="0" 
2010:04:27-08:43:07 rastro1-2 ulogd[22135]: id="2104" severity="info" sys="SecureNet" sub="ips" name="ICMP flood detected" action="ICMP flood" fwrule="60014" seq="0" initf="eth1" outitf="eth1" dstmac="00:1a:8c:f0:41:21" srcmac="00:00:00:00:00:00" srcip="216.182.232.17" dstip="192.139.126.240" proto="1" length="56" tos="0x00" prec="0xc0" ttl="248" type="11" code="0" 
2010:04:27-08:43:10 rastro1-2 ulogd[22135]: id="2104" severity="info" sys="SecureNet" sub="ips" name="ICMP flood detected" action="ICMP flood" fwrule="60014" seq="0" initf="eth1" outitf="eth1" dstmac="00:1a:8c:f0:41:21" srcmac="00:00:00:00:00:00" srcip="79.125.52.203" dstip="192.139.126.240" proto="1" length="68" tos="0x00" prec="0x00" ttl="53" type="3" code="3" 
2010:04:27-08:44:08 rastro1-2 ulogd[22135]: id="2104" severity="info" sys="SecureNet" sub="ips" name="ICMP flood detected" action="ICMP flood" fwrule="60014" seq="0" initf="eth0" outitf="eth0" dstmac="00:1a:8c:f0:41:20" srcmac="00:00:00:00:00:00" srcip="172.18.79.12" dstip="172.18.125.121" proto="1" length="80" tos="0x00" prec="0xc0" ttl="63" type="3" code="10" 
2010:04:27-08:44:14 rastro1-2 ulogd[22135]: id="2104" severity="info" sys="SecureNet" sub="ips" name="ICMP flood detected" action="ICMP flood" fwrule="60014" seq="0" initf="eth0" outitf="eth0" dstmac="00:1a:8c:f0:41:20" srcmac="00:00:00:00:00:00" srcip="172.18.79.12" dstip="172.18.125.121" proto="1" length="80" tos="0x00" prec="0xc0" ttl="63" type="3" code="10" 
2010:04:27-08:44:20 rastro1-2 ulogd[22135]: id="2104" severity="info" sys="SecureNet" sub="ips" name="ICMP flood detected" action="ICMP flood" fwrule="60014" seq="0" initf="eth0" outitf="eth0" dstmac="00:1a:8c:f0:41:20" srcmac="00:00:00:00:00:00" srcip="172.18.79.12" dstip="172.18.125.121" proto="1" length="80" tos="0x00" prec="0xc0" ttl="63" type="3" code="10" 

Does it work for you?

Thanks.

Is 172.18.125.121 on a different subnet than 172.18.79.12 ? Is 172.18.125.121 the server for the application?

So basically your user is trying to access a website that has streaming content on it? Do you have "Bypass content scanning for streaming content" selected?

Does it work when you add the destination IP to your "skip transparent proxy" list?

Yesh it is...

172.18.79.12 is a pc somewhere on our network that has nothing to do with this issue...

Yesh she is...

Yesh I believe we do:

No, it is still not working...

Hmmm, "ICMP flood"...

'Network Security >> Intrusion Prevention' - 'Exceptions' - 'Anti-DoS/Flooding ICMP'

Cheers - Bob

errrmmmm, I should make an exception for that?

I wasn't sure to which IP(s?) or subnet(s?) the Exception should apply.