Streaming MP4 files via SWG


Description:
In order to play certain videos, MP4 files must be allowed to stream through Secure Web Gateway (SWG) appliances running system version 9.2 and below.

Symptoms:
When trying to play a video, the content will not load.  The video player might indicate that it is still trying to load the video, or it could display an error.  The logs on the SWG appliance will not indicate that any content was blocked.

Cause:
Symptoms like those described above are usually the result of the video being in a format that doesn’t stream by default on the SWG system.  In particular, MP4 files are becoming more common, and YouTube has started using this file format for their high definition videos.  Although SWG system version 9.2.5 streams MP4 files by default, earlier versions do not do this.

Solution:
In order to allow content to stream to the client, that content must bypass SWG appliance’s scanning mechanisms.  If the administrator only wants to allow the content from a particular site, this is typically accomplished by adding the video’s address to the Trusted Sites URL List.  Please note that the video might be hosted on a different site than the one that appears in the browser’s address bar while the video is playing.  If the administrator would prefer to allow all MP4 files from all web sites, this can be accomplished by following the steps below.

  1. In the Vital Security web interface, navigate to Policies -> Condition Settings -> Header Fields.
  2. Right-click on the Header Fields folder in the left pane and left-click on Add Component.


  3. In the Name field, enter a name to describe this list.  Since the list will be used for MP4 files, a simple name like “MP4 Files” is recommended.
  4. Click the green + icon to add an entry to the list.  Define the entry as indicated below (please match the capitalization exactly):

    Header Name: Content-Type
    Condition: Equal
    Header Value: video/mp4


  5. Click the Save button.
  6. Navigate to the security policy (Policies -> Security -> Advanced) that will be configured to allow MP4 files.  Please note that this must be a custom security policy, since the built-in security policies are not editable.  It is possible to duplicate a built-in security policy and use it as the basis for a custom security policy by right-clicking the policy to be duplicated and choosing the Duplicate Policy option.
  7. Right-click the Allow Streaming rule and choose the Insert New Rule option.


  8. Define a name for the rule in the Rule Name field.  An example rule name would be “Allow MP4 Files”.
  9. Select "Allow" in the Action field and select "Bypass scanning" in the Advanced Action field.
  10. Click the Save button.
  11. Right-click the new rule and select the Add Condition option.


  12. In the Condition Name field, select Header Fields
  13. In the list of checkboxes, select the new header fields list that was created in Step 3 above.
  14. Click the Save button.
  15. Right-click the new rule and select the Add Condition option.
  16. In the Condition Name field, select True Content Type.
  17. In the list of checkboxes, select Video Image.
  18. Click the Save button.
  19. If this policy is already assigned to users, commit the change.  Otherwise, it might be necessary to assign the policy to users before committing.

Software Versions:
9.0
9.2


Last Modified 6/14/2010.
https://support.trustwave.com/kb/KnowledgebaseArticle13831.aspx