Flussonic and firewall¶

Firewall is software to protect the network from unauthorized access based on a defined set of rules. A firewall can block both inbound and outbound connections.

In video streaming, an enabled firewall doesn't protect the server but causes issues. On the video streaming server, only those ports are open that are required to serve clients, and the firewall closes access to the server by blocking ports and doesn't analyze the traffic itself. If you want to improve security, remove the port from the public interface.

When you install Flussonic on a server and specify the admin port, you have two open ports (three with HTTPS port 443): HTTP port 80 and SSH port. A firewall has nothing to protect.

If you can't do without a firewall because of paper security and compliance, consider the following:

• It's important to distinguish rules on inbound and outbound connections. Since there are two ports open on the Flussonic server, it makes no sense to restrict inbound connections and outbound connections. If a malicious hacker has connected to the server, it's too late to protect the server.
• The firewall affects WebRTC streaming as Flussonic selects a random port for WebRTC. For the same reason, the firewall can also affect UDP (User Datagram Protocol) multicast data transmission.
• The firewall blocking outgoing connections restricts access to the licensing system. Flussonic initiates the connection to the licensing server. If you block outgoing connections, you lose access to the license. The question about which IP address to allow for the license to work isn't correct, because it's not clear whether to establish inbound or outbound connections. The IP address of the licensing server isn't static and can change over time. So if you add it to your firewall rules, it's temporary.
• When you contact technical support, engineers will ask you to disable the firewall. In 90% of cases disabling the firewall solves the issue.

To learn about server security, see Securing Flussonic.