Solution found for Netflix streaming on mobile with web filtering enabled

Please do not use the excessive RegEx that were posted there.  There is poor RegEx including unparsable things and overly wide definitions that will catch a lot of non netlflix traffic.

Instead use the list here, which is a corrected and trimmed version.

https://community.sophos.com/kb/en-us/125061

Thank you Michael for pointing that out. But could you maybe go into more detail? For me Netflix works with the list from this post, but not with the "official one". I only skip SSL, nothing else.

Since I wrote the official one and had it confirmed by some people, I'm concerned and interested.

From my memory, you must skip antivirus scanning.

Please note that the "list from this post" is poorly written regex that does not do what the person intended.  For example it includes this regex:

^45.57.([0-1][0-1][0-9])|(12[0-7]).*

Which actually matches anything with 12[0-7] in it.  In other words that regex matches the url my.company.com/foo125/bar

And this one:

^37.77.1(8[4-9])|(9[0-1])].*

Which is unparseable due to an extra ]

Can you do the following.

Use the regex from the KB and exclude AV.

Clear the log file

> /var/log/http.log

Reproduce the problem.

Then PM me a copy of the http.log.

The issue is found.  The KB article is written for XG.  For UTM the format for the exception is slightly different.  You must prepend each entry with https?://

^https?://([A-Za-z0-9.-]*\.)?ne?t?fli?x(img|ext|video)?\.(com|net)/
^https?://23\.246\.([0-9]|[1-5][0-9]|6[0-3])\.[0-9]
^https?://37\.77\.(1(8[4-9]|9[0-1]))\.[0-9]
^https?://45\.57\.([0-9]|[1-9][0-9]|1([0-1][0-9]|2[0-7]))\.[0-9]
^https?://64\.120\.(1(2[8-9]|[3-9][0-9])|2([0-4][0-9]|5[0-5]))\.[0-9]
^https?://66\.197\.(1(2[8-9]|[3-9][0-9])|2([0-4][0-9]|5[0-5]))\.[0-9]
^https?://192\.173\.(6[4-9]|[7-9][0-9]|1([0-1][0-9]|2[0-7]))\.[0-9]
^https?://69\.53\.(2(2[4-9]|[3-4][0-9]|5[0-5]))\.[0-9]
^https?://108\.175\.(3[2-9]|4[0-7])\.[0-9]
^https?://185\.2\.(2(2[0-3]))\.[0-9]
^https?://185\.9\.(1(8[8-9]|9[0-1]))\.[0-9]
^https?://198\.38\.(9[6-9]|1([0-1][0-9]|2[0-7]))\.[0-9]
^https?://198\.45\.(4[8-9]|5[0-9]|6[0-3])\.[0-9]
^https?://208\.75\.(7[6-9])\.[0-9]

The issue is found.  The KB article is written for XG.  For UTM the format for the exception is slightly different.  You must prepend each entry with https?://

^https?://([A-Za-z0-9.-]*\.)?ne?t?fli?x(img|ext|video)?\.(com|net)/
^https?://23\.246\.([0-9]|[1-5][0-9]|6[0-3])\.[0-9]
^https?://37\.77\.(1(8[4-9]|9[0-1]))\.[0-9]
^https?://45\.57\.([0-9]|[1-9][0-9]|1([0-1][0-9]|2[0-7]))\.[0-9]
^https?://64\.120\.(1(2[8-9]|[3-9][0-9])|2([0-4][0-9]|5[0-5]))\.[0-9]
^https?://66\.197\.(1(2[8-9]|[3-9][0-9])|2([0-4][0-9]|5[0-5]))\.[0-9]
^https?://192\.173\.(6[4-9]|[7-9][0-9]|1([0-1][0-9]|2[0-7]))\.[0-9]
^https?://69\.53\.(2(2[4-9]|[3-4][0-9]|5[0-5]))\.[0-9]
^https?://108\.175\.(3[2-9]|4[0-7])\.[0-9]
^https?://185\.2\.(2(2[0-3]))\.[0-9]
^https?://185\.9\.(1(8[8-9]|9[0-1]))\.[0-9]
^https?://198\.38\.(9[6-9]|1([0-1][0-9]|2[0-7]))\.[0-9]
^https?://198\.45\.(4[8-9]|5[0-9]|6[0-3])\.[0-9]
^https?://208\.75\.(7[6-9])\.[0-9]