Warning for Sophos XG home users!!!! Sophos XG firmware SFOS 17.0.3 MR-3 kills streaming video and apps from iTunes on Apple-TV gen4

Hi,

please post your firewall rule that is being used by your apple tv.

Ian

Hi

I don't have any specific firewall rule for the Apple Tv. From LAN to WAN I use the #Default_Network_Policy.

Hi,

I am going to assume you have a gateway assigned?

In the advanced section do you have anything in this field?

The apple devices seem to have trouble even with the exception set if this field is not set to None. My Ipad and iphones all work through this rule.

Ian

Hi

Yes I have a gateway assigned.

I have not changed any firewall rules before and after upgrading to MR-3.  The Apple TV stopped streaming iTunes movies and after the rollback, it all worked again.

I also have troubles with streaming since updating to 17.0.3. specially streaming from the Amazon Prime Video app - i have no special rules defined and it was definitely working before (not sure if it was still working in 17 MR-2 but it was working with 17.0). I still can stream non HD videos from Amazon but no HD - and this is just happening on my AppleTV - on my MacBook, iPad, iPhone i can stream the whole HD content - sophos xg is then not blocking any of the video which i can't play on the AppleTV. If i connect the AppleTV directly to the Modem it works - so it should be a problem with the Sophos XG - i tried already adding Exceptions for Amazon, without success - also tried a rollback to MR2, no success :-( . I also had a problem with a streaming app of the austrian TV (ORF - TVthek) - there i also couldn't stream HD content - i added an "Exception" now it's working again. It's really annoying that it's not working anymore - hope we find a solution for it.

I’m running Sophos XG 17 MR-3 with my Apple TVs running through a firewall rule with a custom Web and IPS Policy. I have no issues streaming HD content through the Apple Movies, Hulu or Netflix apps but when I tried using the Amazon Prime app, it would just sit there like it’s trying to load the video but never play. However, Amazon Prime videos stream fine on my iPad.

I was able to get the Amazon Prime app on the Apple TV to mostly work by adding the following to a web exception list:

aiv-delivery.net
akamaihd.net
amazon.com

I noticed these domains were being accessed when trying to use the Amazon Prime app by monitoring the Web Filter in the Log Viewer. Unfortunately, some videos were still having issues. It appears to be an issue with the web proxy even though the Amazon Prime traffic is being “Allowed”. I gave up for now and simply added my Apple TVs to another firewall rule that does not have any Web or IPS policies assigned which allows me to stream with no issues.

hey - thx for your message!

I updated to v17 MR5 today - but the update didn't change the problem - for the moment i can just say, that if my AppleTV is excluded from http scanning everything works fine for me - i added an extra firewall-rule for this and with this it works. So in my opinion/experience amazon-app+appleTV+http scanning (since at least v17MR2) are no friends and so it doesn't work. 

http scanning, IPS, and app control disabled as well I would say ...

I re-installed a Checkpoint appliance.  That problem is gone.

PJR

I'm still on 17.03 MR-3 and had to do the exact same thing (create custom Firewall Rule like above) in order to get my Apple-TV to stream Amazon Prime Video!...

All was working fine for other streaming services like Netflix, Hulu, DirectvNow, HBOGo and even up until last week on Amazon Prime Video... but I think an auto-update to the tvOS got applied and after that APV wouldn't stream... the app would load the home screen and navigation to selections was OK, but as soon as an attempt was made to start/resume/stream a choice, I would get nothing but the spinner...

Quite frustrating... I tried a variety of Web Policy additions and changes to ensure every possible domain that was denied during streaming attempts was allowed but still it wouldn't work... 

Weird.