PlayStation 4 cannot download updates: Invalid Traffic

Hi all,

I have a problem with my PS4. I cannot download updates for any game since I started using Sophos XG.

I've found the following answer in the board and that definitely was one issue.
https://community.sophos.com/products/xg-firewall/f/web-protection/74816/playstation-4-unable-to-download-updates

According to the post, I've added the suggested URLs to the web exception list.

After that, I was able to download something. But still the PS4 fails to download the remaining 60MB of that update.
I enabled logging and found out that some requests coming from the PS4 (10.0.0.65) are blocked due to invalid traffic.

But I totally do not understand why that is happening, as the rule does allow everything from LAN to WAN for every service anytime.

I've 3 other rules, but I disabled them and the problem still occurs. The additional rules also do not affect LAN to WAN.

Does anybody understand what is happening here and how I can solve that?
As you see in the first screenshot, there are also some allowed packets from the PS4.

thanks,
caldi

  • Hey,

    the solution with the exclusions didn't work for me.

    I solved the issue by switching Application Filter and Web Filter on #Default_Network_Policy both from "Allow All" to "None".

    Check this, that worked for me.

    Greets

  • What is the difference between “Allow All” and “None”? To me it would seem like having a policy set to ‘None’ is the same as ‘Allow All’, but apparently not if it’s causing issues with PS4 downloads.

    ---

    Sophos XG guides for home users: https://shred086.wordpress.com/

  • I'm not sure but I found this answer by Michael Dunn. He explains how the policies work.

    https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/83833/web-policy-and-filtering-not-working-at-all/314394#314394

    Maybe it is something that happens when both of the policies are set to "Allow all".

    End of the post by Michael Dunn:

    "EDIT: Update/Clarification.  Web Policy also applies the first rule that matches, whether it is allow or block.  Allow does mean Allow, not "continue processing".  This makes a difference if Rule 1 is allow Document Files and Rule 2 is block Adult sites.  If someone downloads a pdf from an adult site, it will be allowed."

    I'm also new to Sophos XG and firewalls themselves, so I also would like to know why this happens.

    Greetings
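
The first-match behaviour described in the quoted post by Michael Dunn, as an added example that is not part of the thread and not Sophos code: a simplified model in which the rule names, categories and sample requests are constructed, and the fallback action when no rule matches is an assumption. It also lists allowed requests that a block rule would have caught had an earlier allow rule not matched first.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str                             # hypothetical rule name
    action: str                           # "allow" or "block"
    categories: frozenset = frozenset()   # site categories matched (empty = any)
    file_types: frozenset = frozenset()   # file types matched (empty = any)

    def matches(self, req):
        cat_ok = not self.categories or req["category"] in self.categories
        type_ok = not self.file_types or req["file_type"] in self.file_types
        return cat_ok and type_ok

def evaluate(policy, req, default="allow"):
    """First matching rule decides; later rules are never consulted."""
    for rule in policy:
        if rule.matches(req):
            return rule.action, rule.name
    return default, "default"             # assumed fallback, not from the thread

def shadowed_blocks(policy, requests):
    """Allowed requests that a later block rule also matches."""
    hits = []
    for req in requests:
        action, winner = evaluate(policy, req)
        blockers = [r.name for r in policy if r.action == "block" and r.matches(req)]
        if action == "allow" and blockers:
            hits.append((req["url"], winner, blockers))
    return hits

ALLOW_DOCS = Rule("allow-document-files", "allow", file_types=frozenset({"pdf", "docx"}))
BLOCK_ADULT = Rule("block-adult-sites", "block", categories=frozenset({"adult"}))
AS_QUOTED = [ALLOW_DOCS, BLOCK_ADULT]     # order from the quoted post
REORDERED = [BLOCK_ADULT, ALLOW_DOCS]     # block rule moved first

REQUESTS = [                              # constructed sample requests
    {"url": "http://adult.example/file.pdf", "category": "adult", "file_type": "pdf"},
    {"url": "http://adult.example/index.html", "category": "adult", "file_type": "html"},
    {"url": "http://news.example/report.pdf", "category": "news", "file_type": "pdf"},
]

if __name__ == "__main__":
    for label, policy in (("as quoted", AS_QUOTED), ("reordered", REORDERED)):
        for req in REQUESTS:
            print(label, req["url"], evaluate(policy, req))
        print(label, "shadowed:", shadowed_blocks(policy, REQUESTS))
```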

     

  • Did the solutions work for you?

  • I know some people don't agree with me but I am going to ask everyone on this thread, why are you scanning PlayStation traffic? Is there a PlayStation virus out that you think Sophos is going to protect you against? Are there any PUAs that PlayStation installs that Sophos protects you against? Do you surf using your PlayStation where you need web filtering to block adult or other sites? If the answer to any of these questions is no then why are you guys scanning PlayStation traffic with HTTP scanner or using web categorization/application control?

    Create a simple firewall rule, don't scan HTTP/S, don't do categorization and use a customized LAN to WAN IPS policy. I keep on seeing thread after thread of my console not working after this and that and yet nobody ever says why they are scanning console traffic. I have PlayStations, Xbox, Roku, Amazon Firesticks, Nest thermostats, Amazon Echo, various IoT plugs and switches and all of them function properly and I don't scan any of their traffic for viruses or web categorization. What's the point? If you don't trust a Chinese manufacturer for the websites it may connect to, don't buy that product or block the offending website. Why is all traffic being scanned when it will only affect you negatively and you will hardly get any extra protection by creating more work for yourself?

    Seriously... why are you guys scanning PlayStation Network?
