
Discord Firewall Exception (Sophos XG)

Hi All

Currently I am experiencing issues building a Discord firewall exception. When users are joining a voice/video channel within Discord, channel status is: No Route, connecting RTC.

When I create a firewall exception, things are just not working. If I create a firewall rule for that specific computer, allow: any/any, things work correctly. If I want to narrow it down, using a specific domain: (*.discord.gg), things do not work.

Can anyone point me in the right direction? I can't find a Discord server IP list.

  • Hi,

    please try a simple discord.com in the exception.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Adding discord.com gives me the same output unfortunately

  • What does the ssl/tls log show? When you had the generic rule, what were the URLs that were passed? Sounds like there might be others than those you have added exceptions for?

    ian

  • Action with every URL is: Do not decrypt. So it wouldn't be an issue?

  • Hi,

    some sites do not like ssl/tls regardless of the settings that is why occasionally it is best to use the web proxy with exceptions. Also ssl/tls does not handle UDP so you need to allow for that. The web proxy will allow for it without scanning.

    ian

  • Ok, but which exception do I need to define in the FW rules? I can't find a list of IP addresses or anything like that?

  • There is an SSL/TLS exception list, though I think your existing exception list covers most items. I would set up your generic rule again and use one PC as the source to see what sites and ports are used, because you might find that there are special ports involved, though I searched through the Discord web site and did not find any useful information.

    Ian

  • I already did that. I will show you.
    Test client is specified, ACL rule is being hit in logs.

    In this example, I have extracted the IP addresses from Discord from the logs. However, yesterday I had 3 other IP addresses; they keep changing. I noticed when I test with multiple clients, they all get different Discord server IP addresses.
    I can't seem to find a complete Discord server list. If I know which IP addresses to allow the voice traffic to, I can easily make an exception.
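Added example, not from any poster in this thread: a small parser over constructed key=value log lines (the field names are an assumption, loosely modelled on the style of Sophos XG firewall logs) that groups everything one test client talked to by protocol and destination port. Run over real logs from the generic any/any rule, the per-session addresses that keep changing show up as a stable port range per protocol, which is what a narrower rule can be written against.

```python
"""Profile one test client's destinations by protocol and port from firewall logs."""
import re
from collections import defaultdict

# CONSTRUCTED sample, not real Discord addresses: one test client (10.0.0.25)
# matched against an any/any rule, plus one unrelated client for contrast.
# Field names are an assumption modelled on key=value firewall log style.
SAMPLE_LOG = """\
log_type="Firewall" fw_rule_id=12 src_ip=10.0.0.25 dst_ip=203.0.113.10 protocol="TCP" dst_port=443
log_type="Firewall" fw_rule_id=12 src_ip=10.0.0.25 dst_ip=198.51.100.20 protocol="UDP" dst_port=50004
log_type="Firewall" fw_rule_id=12 src_ip=10.0.0.25 dst_ip=198.51.100.21 protocol="UDP" dst_port=50012
log_type="Firewall" fw_rule_id=12 src_ip=10.0.0.25 dst_ip=198.51.100.22 protocol="UDP" dst_port=50001
log_type="Firewall" fw_rule_id=12 src_ip=10.0.0.25 dst_ip=203.0.113.11 protocol="TCP" dst_port=443
log_type="Firewall" fw_rule_id=12 src_ip=10.0.0.99 dst_ip=198.51.100.53 protocol="UDP" dst_port=53
"""

# key=value where the value is either "quoted" (group 3) or bare (group 4)
FIELD = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_line(line):
    """Return the key=value fields of one log line as a dict, quotes stripped."""
    return {m.group(1): m.group(3) if m.group(3) is not None else m.group(4)
            for m in FIELD.finditer(line)}


def destinations(log_text, client_ip):
    """Map (protocol, dst_port) -> set of destination IPs seen from client_ip."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("src_ip") != client_ip or "dst_ip" not in f or "dst_port" not in f:
            continue
        seen[(f["protocol"], int(f["dst_port"]))].add(f["dst_ip"])
    return seen


def port_profile(seen):
    """Per protocol: (lowest port, highest port, number of distinct dst IPs)."""
    prof = {}
    for (proto, port), ips in seen.items():
        lo, hi, all_ips = prof.get(proto, (port, port, set()))
        prof[proto] = (min(lo, port), max(hi, port), all_ips | ips)
    return {p: (lo, hi, len(ips)) for p, (lo, hi, ips) in prof.items()}


if __name__ == "__main__":
    for proto, (lo, hi, n) in port_profile(destinations(SAMPLE_LOG, "10.0.0.25")).items():
        print(f"{proto}: ports {lo}-{hi} across {n} distinct destination IPs")
```

The port range and address count printed here come from the constructed sample only; the real values have to come from the reader's own logs of the test client.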

  • Hi,

    I am a little confused by your use of ACL, please explain. I could not read your firewall rule, but I suspect you need to change the destination to wan zone.

    ian

  • Destination Zone is WAN indeed, sorry, blurred too much. However, if I rejoin the Discord voice channel, Discord server IP keeps changing

    Only thing I did, I rejoined the Discord voice channel. Different IP. If I would have a group of Discord IPs, I could make an exception; however, the Discord server IP keeps changing.