SRX

last person joined: 9 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  Allowing Facetime through SRX

    Posted 06-30-2014 13:15

    I was wanting to know if anyone has had any luck allowing Facetime through the SRX? If so can you provide a configuration example? I have all of the port numbers from apple but have not been succesful creating the policies necessary to establish a Facetime session.

     

    Thanks,

     

    Cole 



  • 2.  RE: Allowing Facetime through SRX

    Posted 07-01-2014 01:47

    Hi Cole,

     

    I never tested it but you can try:

     

    Following ports needs to be open

    53
    80 (normally open anyway for web)
    443
    4080
    5223
    udp 16399-16472

    ++++++++++++++++++++++++++++++++++++++++++

     

    Create a specific custom application for these ports and group them to a custom application set and cofigure security policy to allow these ports.

    Verify if it is working.

    If it still does not work , then you may need to play with enabling or disabling SIP ALG>


    KB for custom application creation:

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB13365

    KB for enabling or disabling ALG

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB25546

     

    Thanks & Regards,
    rparthi


    [Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too] .....



  • 3.  RE: Allowing Facetime through SRX

    Posted 07-01-2014 05:01

    I had a ticket for facetime failures behind an SRX recently.  It turned out to be this IOS certificate issue.  the user needs to upgrade to the specified versions of IOS.

     

    http://support.apple.com/kb/ts5419



  • 4.  RE: Allowing Facetime through SRX
    Best Answer

    Posted 07-01-2014 07:51

    These applications work for me:

     

    applications {
    application FaceTime-3478-3497 {
        protocol udp;
        destination-port 3478-3497;
    }
    application FaceTime-16384-16387 {
        protocol tcp;
        destination-port 16384-16387;
    }
    application FaceTime-16393-16402 {
        protocol udp;
        destination-port 16393-16402;
    }
    application FaceTime-16384-16387-UDP {
        protocol udp;
        destination-port 16384-16387;
    }
    application iTunesLibrary {
        protocol tcp;
        destination-port 3689;
    }
    application Bonjour {
        protocol tcp;
        destination-port 5353;
    }
    application apple-push-notification {
        protocol tcp;
        destination-port 5223;
    }
    application apple-push-notification-2195 {
        protocol tcp;
        destination-port 2195;
    }
    application apple-push-notification-2196 {
        protocol tcp;
        destination-port 2196;
    }
    application-set apple-apps {
        application FaceTime-16384-16387;
        application FaceTime-16384-16387-UDP;
        application FaceTime-3478-3497;
        application iTunesLibrary;
        application Bonjour;
        application apple-push-notification;
        application apple-push-notification-2195;
        application apple-push-notification-2196;
        application FaceTime-16393-16402;
    }
}

     



  • 5.  RE: Allowing Facetime through SRX

    Posted 07-15-2014 06:18

    This worked. Thank you Ben.