This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG Firewall & Google Nest updates

I'm new to Sophos. I'm running an XG unit at home for testing so have a few devices you wouldn't normally see in a business environment.  I have two new Google Nest Hubs I'm trying to add to my network, the setup process involves them performing an update but they refuse to update so I cannot complete the setup, they both just sit on updating 0% or throw a network error The two existing Nest Hubs on my network seem to work fine, however my guess is that when they need an update they will face the same issue.

I can't find anything from Google regarding what ports are required for these devices.  I tried adding some exceptions to the webfilter for google updates I found in another post but I'm not sure if they're only relevant to chrome updates or they're also used for Nest products.

Matching URLs:
^dl\.google\.com
^tools\.google\.com


This thread was automatically locked due to age.
Parents
  • Hello Brent,

    Thank you for contacting the Sophos Community.

    I would recommend you to create a Firewall rule for the IPs of the Google Nest devices and put it on the TOP of the Firewall Rules, and leave the Firewall Rule like this:

    Next create a SSL/TLS exception for the IPs of the Google Nest

    See if after this the devices upgrade, if so, then you can start by choosing the Web Filter (Decrypt HTTPS during web proxy filtering) and Use Web Proxy instead of DPI. 

    Then put the awarrenhttp.log in debug mode from the Advanced shell of the XG, (5 > 3)

    # cd /log

    #service awarrenhttp:debug -ds nosync

    Then get the Google devices to update and tail the log

    # tail -f awarrenhttp_access.log 

    If the XG Web Filter is blocking something, you should see it here, and you can create exceptions for this URLs.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
Reply
  • Hello Brent,

    Thank you for contacting the Sophos Community.

    I would recommend you to create a Firewall rule for the IPs of the Google Nest devices and put it on the TOP of the Firewall Rules, and leave the Firewall Rule like this:

    Next create a SSL/TLS exception for the IPs of the Google Nest

    See if after this the devices upgrade, if so, then you can start by choosing the Web Filter (Decrypt HTTPS during web proxy filtering) and Use Web Proxy instead of DPI. 

    Then put the awarrenhttp.log in debug mode from the Advanced shell of the XG, (5 > 3)

    # cd /log

    #service awarrenhttp:debug -ds nosync

    Then get the Google devices to update and tail the log

    # tail -f awarrenhttp_access.log 

    If the XG Web Filter is blocking something, you should see it here, and you can create exceptions for this URLs.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
Children
No Data