Roblox not working if "Use web proxy instead of DPI engine" is active

Hello to all.. Seems like roblox got me into a rabbit hole

Since I don't want to confuse you with a lot of stuff, long story short:

Roblox is not working if "Use web proxy instead of DPI engine" is active..

The roblox website is being accessed without any issues. When you select a game and you click on the Play button, the normal window that it starts to load opens and the game starts to load

But after a few seconds the following error appears and the game fails to load

What I have tried so far:

1. Created a firewall rule to allow all UDP (ports 49152-65535) according to what I found in https://en.help.roblox.com/hc/en-us/articles/115005744663-Troubleshooting-Education-Networks

2. I added a top rule in SSL/TLS inspection to Do not decrypt and have maximum compatibility for Games Category

3. As redundant as it might be, I also added an exception for the above UDP ports on the firewall rule that applies the web policy

Nothing seems to work.

The only thing that works is if I add an exception in Web to skip policy checks for .roblox.com. But this is obviously not what I want..

Any ideas welcome... I have been dealing with this quite a few days and I am at a loss. May I also add that all logs in Log viewer show nothing being blocked.

  • Hi Chris,

    First things, roblox uses UDP ports and DPI and SSL/TLS do not scan UDP ports.

    1/. created a FQDN for roblox.com

    2/. created a service for roblox UDP 1:65535 to 49152:65535

    3/ created a firewall rule source LAN, network your LAN, destination WAN, network roblox (FQDN), service roblox, application - allow because you want to implement time limits

    4/. uses IPS LANtoWAN general.

    Try that and see how you go?

    Ian

    There is more if you have success with the above. Clone a copy of the rule and place it second, but instead of allow select drop.

    XG115W - v20.0.3 MR-3 - on holiday

    XGS118 waiting for licence to be installed - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hello again, Ian!

    1. I have done this

    2. Yes, this also

    3. I did create a firewall rule which is 3rd from top, below my DNS rules:

    The rule is as follows:

    I tested from the machine I perform tests from, to connect to a random UDP port in the roblox range and it matches the traffic correctly:

    However I still get the same error on roblox

    (keep in mind, though, that the Kids_policy with the games category is active, so it ultimately matches there).

    If I don't use any of the above 4 steps and simply remove the Games & Gambling category from the Kids policy, roblox loads normally

     
    Sophos XG Home Licence.

    Machine: Checkpoint 3100 appliance (Intel Atom C2558 CPU, 6GB Ram, 250GB sata SSD)

  • Add the IPS as I suggested and is the exception still set? Try adding https to the allowed. The error is a https failure by the look of it. You could check logviewer to see which ports are being used.

    As an aside, you do not need to the XG in your DNS rules because it is outside the firewall functions.

    Ian

    XG115W - v20.0.3 MR-3 - on holiday

    XGS118 waiting for licence to be installed - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Ooops sorry I missed the IPS part.

    I added LANtoWAN general and also https (I hope this is what you meant)

    With IPS only it again popped the same error.

    Then added https and now it works. However it does not proceed to the kids_policy anymore so it is not alerting for quota.

    Shall I attach the Kids_policy to this firewall rule to see what happens? (I guess not...)

    Apologies, forgot to mention about the exception.. If you mean Web-->Exceptions, then no, I have the exception disabled (The exception worked when I had it to skip policy checks for the roblox fqdn. But like with the https service added above, this would render the effort to use quota for it pointless)

     
    Sophos XG Home Licence.

    Machine: Checkpoint 3100 appliance (Intel Atom C2558 CPU, 6GB Ram, 250GB sata SSD)

  • Hi Chris,

    you need to create a new time policy and apply it to the new rule. You will need different policies for each and every firewall rule once you start down the user/application blocking path.

    Ian

    XG115W - v20.0.3 MR-3 - on holiday

    XGS118 waiting for licence to be installed - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • I think I will drop this for now.. it has been too much of a hassle and definitely has to do with some kind of "quirkiness" on roblox's side.

    Regarding what you wrote about a new policy: This is how it was done in the first place. The kids policy is just a clone of the default policy with only the games category added to it. Before my need for the quota kids could access roblox just fine. And now, even if I have the web proxy active for their policy but just disable the games category, they have no issues accessing roblox.

    The issue begins when Games is added to their web policy (even with allow). So to demonstrate: I disable all rules/exceptions I have created for this need. I only have the default policy that looks like this and kids can access roblox without any issues: 

    Now I enable the kids rule which has the following web policy attached to it and is using Web proxy. The Games and Gambling category is set to allow as you can see. Now roblox has an issue and won't load the games.

    Now I keep the use of web proxy instead of DPI and I simply disable the category. Kids can now access roblox without any issues again:

    So, as you can see, under normal circumstances, roblox did not need any port opening or special exceptions to work. The issue starts when the site needs to be accessed through xg's web proxy and only then. So, since I see nothing being blocked by XG, I simply believe that roblox will only cause issues if it is accessed behind a proxy. At least this is the conclusion I came to..

    Please do let me know if you believe there is still a workaround for this (perhaps you have already tried what I am after and works? Do let me know please..)

    Otherwise I see no point to continue with this. It has taken far too long for something that was a supposedly easy task.. Disappointed

    Thanks again Ian. I deeply appreciate your help!

     
    Sophos XG Home Licence.

    Machine: Checkpoint 3100 appliance (Intel Atom C2558 CPU, 6GB Ram, 250GB sata SSD)
