Problem
Users are unable to access or connect to the MyTutor application when connected to the internet via the Smoothwall web filter/firewall.
Resolution
For users to connect to the MyTutor application, a number of steps must first be performed in both the web filter and the firewall.
Note that these instructions have been taken from the MyTutor tech manual and adapted to make them relevant to Smoothwall. Should these instructions not work, you should check the official MyTutor tech manual.
Web Filter
MyTutor makes use of the TURN protocol and as such some URLs need to be added to a 'Do Not Filter' policy.
- Navigate to 'Guardian > Policy Objects > Categories' and create a new category named 'MyTutor' which contains the following domains:
mytutor.co.uk
stun.l.google.com
stun.stunprotocol.org
- Navigate to 'Guardian > Web Filter > Policy Wizard' and create a new policy as shown below:
Who: Everyone*
What: MyTutor
Where: Everywhere*
When: Always*
Action: Do not filter
* Change as appropriate
- Ensure that the newly created policy is placed towards the top of your web filter policy table.
Firewall
To share audio and video between users, a number of ports will first need to be opened. To ensure your firewall remains locked down, these ports will only be opened to specific IP addresses.
- Navigate to 'Network > Settings > Address object manager' and create a new address object with the name 'MyTutor Media Servers' which contains the following IP addresses:
18.203.121.8
34.247.141.51
52.48.14.102
52.51.75.75
54.155.31.213
54.228.244.253
54.247.143.188
54.247.78.233
54.72.88.111
54.78.34.67
79.125.40.24
99.80.236.35
- Navigate to 'Network > Settings > Service object manager' and create a new service object with the name 'MyTutor Ports'. This service object should contain a block of 1000 UDP ports between 30000 and 65535. To add these ports simply enter a 1000 block of ports in the format "from:to" (e.g. 40000:41000) into the 'Add new service' section.
- Finally, navigate to 'Network > Firewall > Firewall rules' and create the following new policy:
Name: Allow access to MyTutor Media Servers
Source IP addresses: Any *
Inbound interfaces: Any *
Destination IP addresses: MyTutor Media Servers
Outbound interfaces: Any *
Services: MyTutor Ports
Groups: Any *
Action: Allow
* Change as appropriate
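
To confirm the rule stays as narrow as intended, the following added example (not part of the MyTutor manual or of Smoothwall) validates a "from:to" service entry against the limits above and audits allowed flows against the 'MyTutor Media Servers' list. The flow line format, the function names and the reading of "a 1000 block" as to minus from being at most 1000 are assumptions; the sample flows are constructed.

```python
import ipaddress

# Destination addresses and port limits copied from the article.
MEDIA_SERVERS = {ipaddress.ip_address(a) for a in """
    18.203.121.8 34.247.141.51 52.48.14.102 52.51.75.75 54.155.31.213
    54.228.244.253 54.247.143.188 54.247.78.233 54.72.88.111 54.78.34.67
    79.125.40.24 99.80.236.35""".split()}
PORT_MIN, PORT_MAX, BLOCK_WIDTH = 30000, 65535, 1000


def parse_service(spec):
    """Parse a 'from:to' entry; reject blocks outside the article's limits."""
    lo, hi = (int(part) for part in spec.split(":"))
    if not PORT_MIN <= lo <= hi <= PORT_MAX:
        raise ValueError(f"{spec}: outside {PORT_MIN}-{PORT_MAX}")
    # Assumption: 'a 1000 block' means to - from <= 1000, as in 40000:41000.
    if hi - lo > BLOCK_WIDTH:
        raise ValueError(f"{spec}: wider than a {BLOCK_WIDTH}-port block")
    return range(lo, hi + 1)


def audit(flows, ports):
    """Return (line, reason) for each allowed flow the rule should not permit."""
    findings = []
    for line in flows:
        proto, _src, dst, dport, action = line.split()
        if action != "allow":
            continue
        if proto != "udp":
            findings.append((line, "protocol is not UDP"))
        elif ipaddress.ip_address(dst) not in MEDIA_SERVERS:
            findings.append((line, "destination not in MyTutor Media Servers"))
        elif int(dport) not in ports:
            findings.append((line, "port outside MyTutor Ports"))
    return findings


# Constructed sample flows in a hypothetical "proto src dst dport action" format.
SAMPLE_FLOWS = [
    "udp 10.0.0.15 54.72.88.111 40123 allow",   # matches the intended rule
    "udp 10.0.0.15 203.0.113.9 40123 allow",    # wrong destination
    "udp 10.0.0.22 52.51.75.75 29999 allow",    # port below the block
    "tcp 10.0.0.22 52.51.75.75 40500 allow",    # wrong protocol
    "udp 10.0.0.30 198.51.100.7 45000 drop",    # blocked, so not a finding
]

if __name__ == "__main__":
    for line, reason in audit(SAMPLE_FLOWS, parse_service("40000:41000")):
        print(f"{reason}: {line}")
```

Any finding means the firewall rule, address object or service object is broader than the configuration described above and should be reviewed.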