
How do I configure web filtering to allow netflix on ROKU?

Hi all, 

I have been trying to configure filtering rules to allow netflix streaming but for some reason I cannot get it to work. I have managed to get streaming to work for a little bit but then it fails. Is this an issue with the current UTM version or am I missing something? Are there specific entries that I should be using that are missed in my config?

These are my entries:
^https?://([A-Za-z0-9.-]*\.)?ne?t?fli?x(img|ext|video)?\.(com|net)/
^https?://[\d+(\.\d+){3}/]*/[0-9]{8}\.ism
^https?://([A-Za-z0-9.-]*\.)?netflix-*\.vo\.llnwd\.net
^https?://[\d+(\.\d+){3}/]*/[0-9]{9}\.ism
^https?://[\d+(\.\d+){3}/]*/[0-9]{10}\.ism
^http://.*.netflix.com/.*
^http.*?o=.*v=[0-9]&e=[0-9]{10}&t=.*$



This thread was automatically locked due to age.
  • Hi, Earl, and welcome to the UTM Group!

    Sorry, I don't think the folks that contributed to that thread on Astaro.org will re-create it here.  If you're lucky, you might get what you need with a google on site:astaro.org netflix.

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hello EarlMatthew,

    Not specific to Roku, but I had an extremely similar problem with netflix and my appletv, and the playstation store. The resolution was to add the device to the "Transparent Mode Skiplist". Basically you do the following. If you haven't already, create an object for your roku. Then add it to the skiplist at this location:

    Web Protection> Filtering Options> Misc Tab> Scroll down to "Transparent Mode Skiplist"

    Once applied, your issues with streaming netflix should go away.

  • A lot has already been written about Netflix on the old forum (www.astaro.org) which is now only available as read-only content.
    Bottom line: Netflix is almost impossible to run (and keep running) with webfiltering on. The easiest way is to exclude your device from webfiltering.

    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • When I do this for my Sony Smarttv this does not work at all. The app loads but when I try to play a movie or TV show it stops at 25% loading and hangs. When I do the same for a Minix (Android) box it does work. It seems there is no way to make the Netflix app work on a Sony smarttv.
  • I was using:

    Skipping: Authentication / Block by download size / Antivirus / Extension blocking / MIME type blocking / URL Filter / Content Removal / SSL scanning / Certificate trust check / Certificate date check / Do not display download/scan progress page

    Matching these URLs: ^https?://([A-Za-z0-9.-]*\.)?nflximg\.com\.?/

    ^https?://([A-Za-z0-9.-]*\.)?nflxvideo\.net\.?/

    ^https?://([A-Za-z0-9.-]*\.)?netflix\.com/

    ^https?://[\d+(\.\d+){3}/]*/[0-9]{8}\.ism

    ^https?://[\d+(\.\d+){3}/]*/[0-9]{9}\.ism

    ^https?://[\d+(\.\d+){3}/]*/[0-9]{10}\.ism

    ^https?://([A-Za-z0-9.-]*\.)?netflix-*.vo.llnwd.net/.*

    ^https?://secure\.netflix\.com/*

    ^https?://uiboot\.netflix\.com/*

    ^https?://nintendo.nccp.netflix.com/

    ^https?://customerevents.netflix.com/

    ^https?://api-global.netflix.com/

    ^https?://([A-Za-z0-9.-]*\.)?nflxvideo.net/

    ^https?://ipv6_1.lagg0.c[0-9]{1,3}.[A-Za-z][A-Za-z][A-Za-z][0-9]{1,3}.ix.nflxvideo.net/

    ^https?://([A-Za-z0-9.-]*\.)?nflximg\.net\.?/

    ^https?://cdn[0-9].nflximg.com/

    ^https?://cdn[0-9].nflximg.net/

    ^https?://108.175.[0-9]{1,3}.[0-9]{1,3}/\?o=([A-Za-z0-9.-]*\.)?

    or Coming from these user agents: Mozilla/5.0 (compatible; U; Nflx) Netflix/[0-9].[0-9].[0-9]

    Gibbon/[0-9]{1,4}.[0-9]{1,4}.[0-9]{1,4}/[0-9]{1,4}.[0-9]{1,4}.[0-9]{1,4}: Netflix/[0-9]{1,4}.[0-9]{1,4}.[0-9]{1,4} (DEVTYPE=NFX[0-9]{1,4}-[0-9]{1,4}-; CERTVER=[0-9]{1,4})

    But it essentially never worked.

    I agree with PaulArneson and apijnappels. "Transparent Mode Skiplist" is the only way unless you are some sort of Regex guru. Perhaps someone else could explain it to me more clearly but I have always added them to both the source and destination boxes. Another trick is, I don't know why but the inclination is to have the box "Allow HTTP/S traffic for listed hosts/nets" checked. In my experience however it needs to be unchecked for any of this to work.

    Just put your hosts (Roku in your case but it could be a PlayStation or whatever) in both and leave the box unchecked and you should be good to go.

    Best Regards - HTG
    Frustrated Sophos Partner seeing all the things
    that brought me to Sophos slowly slip away.
    RIP astaro.org
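
Every URL that matches an exception like the ones in the post above skips antivirus, URL filtering and SSL scanning, so it is worth checking what each pattern really matches before trusting it. The following is an added example, not part of the original thread: it audits three patterns copied from the thread against constructed URLs and compares them with tightened forms written for this example. Python's `re` module stands in for the UTM's regex engine, and the test URLs, the tightened patterns and the `audit` helper are assumptions of this example.

```python
import re

# Patterns copied verbatim from the exception lists posted in the thread.
THREAD = {
    "netflix_http": r"^http://.*.netflix.com/.*",
    "cdn_img":      r"^https?://cdn[0-9].nflximg.com/",
    "ip_ism8":      r"^https?://[\d+(\.\d+){3}/]*/[0-9]{8}\.ism",
}

# Tightened forms written for this example (not from the thread):
# literal dots escaped, host labels restricted, IPv4 written as a real group
# instead of a character class.
TIGHT = {
    "netflix_http": r"^http://([A-Za-z0-9-]+\.)+netflix\.com/",
    "cdn_img":      r"^https?://cdn[0-9]\.nflximg\.com/",
    "ip_ism8":      r"^https?://\d{1,3}(\.\d{1,3}){3}/([^/?#]+/)*[0-9]{8}\.ism",
}

# Constructed test URLs: (url, should this URL be exempt from filtering?)
CASES = {
    "netflix_http": [
        ("http://www.netflix.com/browse", True),
        ("http://example.test/a.netflix.com/", False),  # name appears only in the path
        ("http://notnetflix.com/", False),              # constructed look-alike host
    ],
    "cdn_img": [
        ("https://cdn1.nflximg.com/a.png", True),
        ("https://cdn1-nflximg.com/a.png", False),      # unescaped "." matches "-"
    ],
    "ip_ism8": [
        ("http://198.51.100.7/12345678.ism", True),
        ("http://12.34/12345678.ism", False),           # host is not a dotted quad
    ],
}

def audit(patterns):
    """Return {name: [urls whose match result differs from the intent]}."""
    findings = {}
    for name, pattern in patterns.items():
        rx = re.compile(pattern)
        findings[name] = [url for url, want in CASES[name]
                          if bool(rx.search(url)) != want]
    return findings

if __name__ == "__main__":
    for label, patterns in (("thread", THREAD), ("tightened", TIGHT)):
        for name, wrong in audit(patterns).items():
            print(f"{label:9} {name:13} mismatches: {wrong}")
```
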

  • PaulArneson's fix worked for me.  My LGTV and Xbox One were having problems with Netflix, Vudu, etc.  Once I gave them a static IP and then added them to the transparent mode exclusions... they worked fine.