Yeh; the live demo is nothing more than marketroid spew and it requires their "special ActiveX control"; that ain't happenin' here. Actually, this gives something approaching "real" information: http://support.dlink.com/faq/view.asp?prod_id=1433&question=DCS-2000%20/ %20DCS-2100+%20/%20DCS-5300%20/%20DCS-5300W%20/%20DCS-5300G (watch out for the wrap beast) Even then, it's really sloppy info. According to that page, you need (direct quote): - 80 (TCP) HTTP Port (allows access to web-configuration and transmits video if other ports are not forwarded) - 5001 (TCP/UDP) Control Channel Port (used to synchronize audio and video) - 5002 (TCP/UDP) Audio Channel Port (transmits synchronized audio) - 5003 (TCP/UDP) Video Channel Port (transmits synchronized video) Based on the second DI-604 screenshot, these protocols are "inbound", since they specify that it's from WAN to LAN. Notice that they also allow it from any external IP. Welcome to hacker-land, boys & girls... Here's the deal: 1 - only Firewall clients can use this, SecureNAT and Web Proxy folks ain't getting audio at all (are you listening?). If you can't / won't support FW clients, stop reading now. 2 - create your protocol definition thusly: Primary connection = TCP:80 outbound Secondary connection = TCP:5001-5003 Inbound Secondary connection = UDP:5001-5003 Receive-Send 3 - create your "camera" rule using this protocol and make sure it's listed BEFORE any other HTTP-based allow rule or you won't get the secondary port behavior you need. 4 - create Firewall Client Application settings as: <name of app> RemoteBindTcpPorts = 5001-5003 <name of app> RemoteBindUdpPorts = 5001-5003 5 - install the Firewall client software on any host that expects to view / control this camera ..bear in mind that I have absolutely no way to test this, but if their information is correct, it should work. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! -----Original Message----- From: Paul Deen [mailto:pdeen@xxxxxxxxxxxx] Sent: Wednesday, November 24, 2004 7:22 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: Web Cam ports http://www.ISAserver.org Hello, Thanks for your reply. The actual camera is a DLINK, I have read the mfr website and manuals etc. I have tested/connected to it via several different locations and the only place I am having problems is behind our ISA. For example, at home, using my basic linksys router and Zonealarm, everything loads fine, I hear audio, can move the camera etc. But when I'm behind ISA 2004, the only way it seems to work (sometimes, like on my machine, but not my users) for me is if I disable the clients Web Proxy settings, making the machine use only the Firewall client, then I can control it, but still no audio. The setup on the camera end it uses Protocols TCP and UDP on ports 5001-5003 as well as port 80 for the HTML portion. Here is a live demo from the mfr of the camera: http://www.dlink.com/products/liveDemo/?model=DCS-5300W Any other advice? Thanks again, Paul Deen -----Original Message----- From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx] Sent: Tuesday, November 23, 2004 4:35 PM Subject: RE: Web Cam ports "any advice" would depend on a better understanding of: 1 - the actual camera in use; maybe the mfr website has some clues (though not always) 2 - the actual protocols (TCP/UDP) that use those "ports" and their direction (I suspect "outbound", or "send", but that's assumption) Your internal hosts will have to be firewall clients to use secondary protocols that have no matching application filter; no way around that. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! -----Original Message----- From: Paul Deen [mailto:pdeen@xxxxxxxxxxxx] Sent: Tuesday, November 23, 2004 2:26 PM To: [ISAserver.org Discussion List] Subject: [isalist] Web Cam ports http://www.ISAserver.org Hello, We are using ISA 2004 and my clients are Firewall Clients as well as Web Proxy Clients (IE6). There is a WebCam (long story) on the internet that we need to be able to view and control. It uses 3 ports, 80 (normal, used for the html part) and 5001,5002,5003 (used for audio and to control the camera). I have tried creating a user defined protocol rule with parameters of Port 5001-5003 TCP with a secondary connection of Port 80 TCP. If I set them to inbound, doesn't seem to help, but when I set them both to Outbound, then it seems to work, somewhat, only with the Firewall client, not the web proxy. If I disable the Web Proxy settings in IE, then it seems to work okay. But then my users don't get the benefits of the Web proxy cache, which is why I have made them Web Proxy clients. How can I make this work through the Web Proxy? This camera is not hosted by us, it is host externally, we just need to be able to view it and the audio and controls use ports 5001-5003. Any advice would be greatly appreciated. Thanks, Paul All mail to and from this domain is GFI-scanned.