There are significant configuration issues witih the Sophos UTM when attempting to run the gaming platform Steam.
Apart from the need to configure several ports for it's use described here: https://support.steampowered.com/kb_article.php?ref=8571-GLVN-8711,
there are Intrusion Protection System rules that wreak havoc on the Steam Client. Since these rules have no management interface any more (once upon a time, they had a fairly nice page where you could scroll through classifications of SNORT rules and turn on/off or amplify the rule sets) it requires the UTM Administrator to parse the IPS logs and write down the SID's blocking the traffic and add them to the 'curious' interface under IPS/Advanced/Modify Rules and adjust accordingly. Note this interface does not provide any documentation to what you are doing or what you have done (not even a 'notes' field) so be careful here. No typos!
A quick glance at my own logs suggest the following rules need to be altered:
29465 - FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt
29466 - FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt
There are other complaints on this board regarding these two rules: https://community.sophos.com/products/unified-threat-management/astaroorg/f/54/t/41408
49759 - FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt
24397 - APP-DETECT Steam game URI handler
Yes, the UTM is intentionally blocking Steam games as a matter of Potential Corporate Privacy Violation, yet you can't set your own policies.
Finally, the IPS blocked traffic based on "SYN flood detected" action="SYN flood" so an exception for the machine(s) running the Steam client is in order.
Hope this helps someone.
This thread was automatically locked due to age.
