Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

PlayStation 4 cannot download updates: Inavlid Traffic

Hi all,

I have a problem with my PS4. I cannot download updates for any game since I started using Sophos XG.

I've found the following answer in the board and that definitely was one issue.

According to the post, I've added the suggested URLs to the web exception list.

After that, I was able to download something. But still the PS4 fails to download the remaining 60MB of that update.
I enabled logging and found out, that some requests coming from the PS4 ( are blocked due to invalid traffic.

But I totally do not understand why that is happening, as the rule does allow everything from LAN to WAN for every service anytime.

I've 3 other rules, but I disabled them and the problem still occurs. The additional rules does also not affect LAN to WAN.

Does anybody understand what is here happening and how I can solve that?
As you see in the first screenshot, there are also some allowed packets from the PS4.


This thread was automatically locked due to age.
  • Have you tried turning off 'Block unrecognized SSL protocols' in Web / Protection?

    I don't know if this will help but it was my first thought :-)


    Self employer computer technician (mostly domestic) and photographer.

    Language: English English (UK) - No, NOT (U.S.).
    Why is it that the IT world assumes that if you speak English then it is American, not English.
    English did not come from America, that's why it's not called American!!!

  • Thanks for your reply. I was not aware of that setting.
    In fact the "Block unrecognized SSL protocols" is not enabled.

    "Block invalid certificates" was enabled. I disabled it for testing, but got the same result.


    Self employer computer technician (mostly domestic) and photographer.

    Language: English English (UK) - No, NOT (U.S.).
    Why is it that the IT world assumes that if you speak English then it is American, not English.
    English did not come from America, that's why it's not called American!!!

  • I added the remaining IPs. I've already added most of them, based on the other post in this forum.
    I was not able to add it the exact same way as it is described in the post. Sophos says it is not a valid address. I removed the https prefix ...

    Now I've the following exception list:

    • ^184\.84\.65\.*
    • ^50\.19\.100\.125
    • ^209\.251\.*\.*
    • ^([A-Za-z0-9.-]*\.)?playstation\.net/
    • ^198\.107\.*\.*
    • ^125\.199\.254\.51
    • ^([A-Za-z0-9.-]*\.)?loris-e\.llnwd\.net/
    • ^([A-Za-z0-9.-]*\.)?playstation\.de/
    • ^173\.230\.216\.*
    • ^([A-Za-z0-9.-]*\.)?playstation\.org/
    • ^([A-Za-z0-9.-]*\.)?playstation\.com/

    I also would expect that there are some logs for the web filtering, but everything green here since I've added the exceptions.

    But unfortunately, the problem still exists.

  • I'm not sure but I suspect that the IP address entries should be listed as:






    I have tried both types and they are accepted as valid in the exceptions list but I don't have a PS4 to test the results.


    Self employer computer technician (mostly domestic) and photographer.

    Language: English English (UK) - No, NOT (U.S.).
    Why is it that the IT world assumes that if you speak English then it is American, not English.
    English did not come from America, that's why it's not called American!!!

  • I always thought, that these entries are regular expressions.
    If this is true, it would be a difference if the "." is escaped "\." or not.

    Do you think that the problem is related to the web filter?
    I am confused, as I would have expected some log statements in the web filter log. But it seems that the firewall (policies) are blocking these packages. Am I wrong?

  • Hi again caldicot,

    I'm not sure where the problem lies and I've only just started using the XG myself, having used Cyberoam for around 10 years. I just thought I'd suggest a couple of things that I would try but it seems they have been unsuccessful. At this point I would be doing what you are doing and ask the forum for help... Hopefully someone with a deeper knowledge of the XG system will pick this up and be able to help you from here.


    Self employer computer technician (mostly domestic) and photographer.

    Language: English English (UK) - No, NOT (U.S.).
    Why is it that the IT world assumes that if you speak English then it is American, not English.
    English did not come from America, that's why it's not called American!!!

  • Hallo Rick,

    thanks for your help. Your input is of course appreciated.
    I am not too familiar with all that firewall stuff, so I am glad you suggested some things I can test. :-)

    As you said, hopefully someone with more experience will pick it up :-)


  • Hey,

    the solution with the exclusions didn't work for me.

    I solved the issue by switching Application Filter and Web Filter on #Default_Network_Policy both from "Allow All" to "None".


    Check this, that worked for me.



  • What is the difference between “Allow All” and “None”? To me it would seem like having a policy set to ‘None’ is the same as ‘Allow All’, but apparently not if it’s causing issues with PS4 downloads.


    Sophos XG guides for home users: