

Web filter active with no policy breaking Embedded App services such as: AppleTV: netflix, hulu, hbonow. iPhone: Snapchat, numerous others.

From Googling around, it looks like this problem has existed and been widespread since 2013 on the UTM? This issue was then ported over onto the XG.

I moved from UTM9 to XG to hopefully get an answer or some development time from Sophos on this.  I'm not going to whitelist netflix, hulu, hbo, snapchat, or any other content provider.  I am also not going to whitelist source devices like my AppleTV or my phone, because when a new device comes into my network I would have to then manually add it to the whitelist.  I would like my network to be as protected as possible, so I would like to think of it as a service I could provide any new device.

I find it hard to believe you would need further logs or evidence on this, as you should be able to recreate this in a lab because it appears to be a problem across all devices. If you need logs, reach out to me.

Since this is so widespread and has been known for so long, I fear to think what your enterprise support is like on matters that need to be dealt with within a week for a paying customer...

Question: Does Sophos have development working on a fix for this?



  • Some logs to contribute

    2016:03:08-18:29:25 sophos httpproxy[5491]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="10.10.3.2" dstip="54.214.15.75" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaLanNetwo (Roku)" filteraction="REF_HttCffRoku (Roku)" size="5938" request="0xe0baf000" url="appboot.netflix.com/.../RKU-42XXX-" referer="localcontrol.netflix.com/.../error.js error="" authtime="0" dnstime="10101" cattime="0" avscantime="0" fullreqtime="184056" device="0" auth="0" ua="Gibbon/2015.1.1/2015.1.1: Netflix/2015.1.1 (DEVTYPE=RKU-42XXX-; CERTVER=0)" exceptions="av,auth,content,url,ssl,certcheck,certdate,cache,fileextension,patience" content-type="text/plain"

    2016:03:08-18:32:24 sophos httpproxy[5491]: id="0066" severity="info" sys="SecureWeb" sub="http" name="web request blocked, forbidden application detected" action="block" method="GET" srcip="10.10.3.2" dstip="54.230.36.94" user="" group="" ad_domain="" statuscode="403" cached="0" profile="REF_HttProContaLanNetwo (Roku)" filteraction="REF_HttCffRoku (Roku)" size="3288" request="0xe0c23e00" url="http://captive.roku.com/ok" referer="" error="" authtime="0" dnstime="15907" cattime="92" avscantime="0" fullreqtime="16557" device="0" auth="0" ua="Mozilla/5.0" exceptions="" category="181" reputation="neutral" categoryname="Marketing/Merchandising" application="ROKU" app-id="1325"
    2016:03:08-18:33:52 sophos httpproxy[5491]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="10.10.3.2" dstip="54.225.147.173" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaLanNetwo (Roku)" filteraction="REF_HttCffRoku (Roku)" size="5945" request="0xe0c72c00" url="appboot.netflix.com/.../RKU-42XXX-" referer="localcontrol.netflix.com/.../error.js error="" authtime="0" dnstime="30343" cattime="0" avscantime="0" fullreqtime="119276" device="0" auth="0" ua="Gibbon/2015.1.1/2015.1.1: Netflix/2015.1.1 (DEVTYPE=RKU-42XXX-; CERTVER=0)" exceptions="av,auth,content,url,ssl,certcheck,certdate,cache,fileextension,patience" content-type="text/plain"
    2016:03:08-18:56:24 sophos httpproxy[5491]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="10.10.3.2" dstip="54.214.241.80" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaLanNetwo (Roku)" filteraction="REF_HttCffRoku (Roku)" size="5953" request="0xdff8b600" url="appboot.netflix.com/.../RKU-42XXX-" referer="localcontrol.netflix.com/.../error.js error="" authtime="0" dnstime="84697" cattime="0" avscantime="0" fullreqtime="259432" device="0" auth="0" ua="Gibbon/2015.1.1/2015.1.1: Netflix/2015.1.1 (DEVTYPE=RKU-42XXX-; CERTVER=0)" exceptions="av,auth,content,url,ssl,certcheck,certdate,cache,fileextension,patience" content-type="text/plain"
  • From that log:

    name="web request blocked, forbidden application detected" action="block" application="ROKU" app-id="1325"


    You might want to check your AppControl rules.  :)
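
Added example (not part of the thread and not Sophos code): a small Python triage script that reads `httpproxy` lines in the `key="value"` format quoted above and separates blocks raised by application control from other blocks, which is the distinction the last reply draws from the `name`, `application` and `app-id` fields. The sample lines are constructed and abbreviated, and the `other-block` label and the "forbidden category" line are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample lines, abbreviated from the httpproxy format quoted in the thread.
SAMPLE_LOG = '''\
2016:03:08-18:29:25 sophos httpproxy[5491]: name="http access" action="pass" srcip="10.10.3.2" url="http://media.example.com/boot" exceptions="av,auth"
2016:03:08-18:32:24 sophos httpproxy[5491]: name="web request blocked, forbidden application detected" action="block" srcip="10.10.3.2" url="http://captive.roku.com/ok" filteraction="REF_HttCffRoku (Roku)" categoryname="Marketing/Merchandising" application="ROKU" app-id="1325"
2016:03:08-18:40:02 sophos httpproxy[5491]: name="web request blocked, forbidden category detected" action="block" srcip="10.10.3.7" url="http://ads.example.net/x" filteraction="REF_HttCffRoku (Roku)" categoryname="Marketing/Merchandising"
'''

# key="value" pairs; keys may contain '-' (app-id, content-type).
# Assumes quotes are balanced within a line.
PAIR_RE = re.compile(r'([\w-]+)="([^"]*)"')

def parse_line(line):
    """Return the key="value" fields of one httpproxy line as a dict."""
    return dict(PAIR_RE.findall(line))

def block_source(fields):
    """Say which control blocked the request, or None if it was not blocked."""
    if fields.get("action") != "block":
        return None
    # The thread's block line carries this wording in its name field.
    if "forbidden application" in fields.get("name", ""):
        return "application-control"
    return "other-block"  # assumption: everything else is grouped together

def summarize_blocks(text):
    """Count blocked requests per (source, srcip, application or category)."""
    counts = Counter()
    for line in text.splitlines():
        fields = parse_line(line)
        source = block_source(fields)
        if source is None:
            continue
        what = fields.get("application") or fields.get("categoryname", "?")
        counts[(source, fields.get("srcip", "?"), what)] += 1
    return counts

if __name__ == "__main__":
    for (source, srcip, what), n in summarize_blocks(SAMPLE_LOG).most_common():
        print(f"{n:3d}  {source:20s} {srcip:15s} {what}")
```

Grouping by source IP and application shows which device and which application control rule account for the blocks, so the rule can be adjusted without whitelisting the device or the content provider in the web filter.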