Why can't I view RealPlayer videos when using Cisco Web Security Appliance with NTLM authentication enabled?
PDF(6.7 KB) View with Adobe Reader on a variety of devices
Updated:July 15, 2014
Environment: Cisco Web Security Appliance (WSA), all versions of AsyncOS
NOTE: RTSP is not supported by our appliance at the current time.
If you open a RealPlayer video you might see a message "A general error has occurred" and a reference to a rtsp://link. This message appears because RealPlayer is not authenticating properly.
If we run a packet capture when RealPlayer video does not play, then we can see that the RealPlayer application does not provide credentials to the Cisco Web Security Appliance.
Below is the sequence of events that should happen when authentication works properly
First socket ------------------------- Client -> S-Series: GET ... WSA -> Client: 407 Authorization required
On a new socket ------------------------- Client -> S-Series: GET ... (NTLMSSP_NEGOTIATE) WSA -> Client: 407 Authorization required (NTLMSSP_CHALLENGE) Client -> S-Series: GET ... (NTLMSSP_AUTH) WSA -> Client: Content...
With Real Player, the client/application closes the connection after each of the above steps, and therefore proper authentication doesn't occur.
Bypassing authentication for the RealPlayer, using its User Agent 'realplayer' will resolve this issue.
For more information on how to bypass authentication based on the useragent, please refer to the following aritcle: https://techzone.cisco.com/t5/Web-Security-Appliance-WSA/How-to-bypass-authentication-for-specific-user-agents/ta-p/274340