Doorbird doesn't work behind Sophos XG Firewall

Question

We have a Doorbird-doorbell behind our Sophos XG Firewall with Firmware.... 
 I also read these articles: 
 https://community.sophos.com/sophos-xg-firewall/f/discussions/125260/doorbird-connected-to-sophos-xg 
 The article says using SSL/TLS-Decryption this is the solution but I tried it and it doesn't work, too: https://community.sophos.com/sophos-xg-firewall/f/discussions/124615/how-to-unblock-ring-doorbell-app-when-sophos-xg-is-using-ssl-tls-decryption 
 So here is another article with the same problem and also no solution: 
 https://community.sophos.com/sophos-xg-firewall/f/discussions/128958/doorbird-connected-to-sophos-xg-with-no-external-access/473281?focus=true#473279 
 
 I posted the details in the article above but I am afraid nobody see it in the discussion. So I open this new question. 
 
 Here is my summary: 
 
 The Doorbird doesn't get a connection with the XG-Firewall.

Have the same rule as described here https://community.sophos.com/sophos-xg-firewall/f/discussions/128958/doorbird-connected-to-sophos-xg-with-no-external-access/473281?focus=true#473279 :

Additional I added an SSL/TLS Inspection-Rule as described here https://community.sophos.com/sophos-xg-firewall/f/discussions/124615/how-to-unblock-ring-doorbell-app-when-sophos-xg-is-using-ssl-tls-decryption :

But I see a lot of errors in the log:

And I also see this in capturing mode - the Local-ACL-violation is strange. Tried this Question to help but I don`t understand a solution: 
 https://community.sophos.com/sophos-xg-firewall/f/discussions/102533/local_acl

This is the detail-view: 
 Packet information

Ethernet header

Source MAC address:1c:ca:e3:7b:0c:8e

Destination MAC address: ff:ff:ff:ff:ff:ff

Ethernet type IPv4 (0x800)

IPv4 Header

Source IP address: 192.168.0.60

Destination IP address: 255.255.255.255

Protocol: UDP

Header:20 Bytes

Type of service: 0

Total length: 49 Bytes

Identification:0

Fragment offset:16384

Time to live: 64

Checksum: 31192

UDP Header:

Source port:3074

Destination port: 35344

Length: 29

Checksum: 47622

So I don't know what to do. I changed the doorbird hardware but with the new part it's still the same problem. So I think it's an FW-Error. 
 
 Please - is there anyone with a solution?

I couldn't find it in the other questions. A lot of people describe the same problem but nobody has an answer. 
 
 David

LuCar Toni · Answer

If so, the firewall will actually ignore the packets. 
 So lets recap quickly on what is going on: 
 The device is doing a broadcast, its like screaming in a room, hoping somebody is answering. 
 If you have multiple network segments, its like having multiple rooms in a house. Your device only screams in the living room, your application is in another room. 
 Most products cannot "forward" this scream, as this is highly untwanted by a network administrator. There are reasons not to forward this. And the firewall does not know, in which room in has to forward this etc. 
 What you can do: You could increase the room size by building a network bridge. This means, it will increase the subnet of the network to a bigger size network. 
 Can you link us a screenshot of your interfaces? Where is the application / mobile device? 
 PS: This packets will not reach the Internet in any way. You cannot configure that. So it seems like you have to configure the device with a mobile app first.

Doorbird doesn't work behind Sophos XG Firewall

Top Replies