PlayStation 4 cannot download updates: Inavlid Traffic

Hey,

the solution with the exclusions didn't work for me.

I solved the issue by switching Application Filter and Web Filter on #Default_Network_Policy both from "Allow All" to "None".

Check this, that worked for me.

Greets

What is the difference between “Allow All” and “None”? To me it would seem like having a policy set to ‘None’ is the same as ‘Allow All’, but apparently not if it’s causing issues with PS4 downloads.

What is the difference between “Allow All” and “None”? To me it would seem like having a policy set to ‘None’ is the same as ‘Allow All’, but apparently not if it’s causing issues with PS4 downloads.

Same situation...

I'm not sure but I found this answer by Michael Dunn. He explains how the policies work. 

https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/83833/web-policy-and-filtering-not-working-at-all/314394#314394

Maybe it is something that happens when both of the policys are set to "Allow all". 

End of the post by Michael Dunn:

"EDIT: Update/Clarification.  Web Policy also applies the first rule that matches, whether it is allow or block.  Allow does mean Allow, not "continue processing".  This makes a difference if Rule 1 is allow Document Files and Rule 2 is block Adult sites.  If someone downloads a pdf from an adult site, it will be allowed."

I'm also new to Sophos XG and firewalls itself, so I also would like to know why this happens.

Greetings

Did the solutions work for you?

I know some people don't agree with me but I am going to ask everyone on this thread, why are you scanning PlayStation traffic? Is there a playstation virus out that you think sophos is going to protect you against? Are there any PUAs that playstation installs that sophos protects you against? Do you surf using your playstation where you need webfiltering to block adult or other sites? If the answer to any of these questions is no then why are you guys scanning playstation traffic with http scanner or using webcategorization/application control?

Create a simple firewall rule, don't scan http/s, don't do categorization and use a customized LAN to WAN IPS policy. I keep on seeing thread after thread of my console not working after this and that and yet nobody ever says whey are they scanning console traffic. I have playstions, xbox, roku, amazon firesticks, nest thermostats, amazon echo, various IOT plugs and switches and all of them function properly and I don't scan any of their traffic for viruses or web categorization. Whats the point? If you don't trust a chinese manufacturer for the websites it may connect to, don't buy that product or block the offending website. Why is all traffic being scanned when it will only affect you negatively and you will hardly get any extra protection by creating more work for yourself?

Seriously... why are you guys scanning playstation network?

I actually don’t have a PS4, I’m just trying to understand the difference between selecting “Allow All” vs “None” for a Web Policy, and why selecting “Allow All” would cause issues with your PS4 downloads but not “None”. That post from Michael Dunn explains the first part (difference between the two settings) but it still doesn’t make sense why “Allow All” is affecting your PS4 downloads.

What I did for my Xbox One is create a firewall rule  (above all my other firewall rules) that basically has everything turned (Scan HTTP, IPS, policies). That way my Xbox One traffic is “unfiltered” to avoid any issues but the rest of my traffic is still being “filtered” by the default allow LAN to WAN rule settings.

You guys are confusing the issues. The issue that you linked to is related to web policy tab and the default action is the last rule on that web policy WEB> policies> default action (last item)

Firewall rules are completely different and are parsed top to bottom. As to your question about what is the difference between allow and None in firewall rules under advanced section of firewall rules. You basically have the option to allow all, none, or choose one of the web/application categories.

Allow all means scan the traffic but allow all the traffic

None means don't scan any traffic

Most of the consoles break when you scan any traffic that is why allow all will break some functionality while none wouldn't because the traffic is not being scanned at all.

Hope this makes sense

I’m referring to this post:

Unknown said:

I solved the issue by switching Application Filter and Web Filter on #Default_Network_Policy both from "Allow All" to "None".

That is how he was able to solve his issue with PS4 downloads. I was confused as to what the difference is between “Allow All” and “None”, and why an application or web policy of “Allow All” would cause a PS4 download to not finish. He posted a link that describes how policies work and the purpose of “Allow All” versus “None”, which makes sense now (for the most part).