Flash applications can bypass the ProxySG appliance in an explicit deployment and go directly out via firewall on port 1935 (RTMP).

To prevent this occurrence, block the port on the firewall. After you block the port, however, Flash applications could try to go out via the appliance based on the computer/browser's configuration as RTMPT (RTMP tunneled) using http port (80) or 443.

Note: If RTMPT uses port 443 (not true SSL packets), the detect protocol feature would be able to detect this traffic and should fail the connection by default.

Use one of two methods to block the Flash streaming content. To determine which one to use, verify if the appliance has a Flash license:

1. In the Management Console, select Maintenance > Licensing > View > Licensed.
2. Look for a component named Flash Streaming. In this component does not exist, the appliance has no Flash license. To obtain a Flash license, contact your local sales representative. 

Example of a Flash Streaming license:

Component name:         Flash Streaming

Valid:                  yes

Serial number:          XXXXX-XXXXX

Product Description:    SOFTWARE, Flash

Part Number:            FLASH

Activation date:        None

Expiration date:        2016-05-18

Option:                 Premium

If your appliance has a Flash license

Deny Flash streaming content with the following policy:

<Proxy> 

streaming.content=(flash) Deny  

<Proxy>

request.header.User-Agent="Shockwave Flash"  DENY
request.header.Content-Type="application/x-fcs" http.method=(POST) Deny