Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Warning for Sophos XG home users!!!! Sophos XG firmware SFOS 17.0.3 MR-3 kills streaming video and apps from iTunes on Apple-TV gen4

A few days after upgrading the firmware I noticed that I could not stream videos or install apps from iTunes on my Apple TV. Streaming from Netflix and HBO was working.

I reset Apple TV to factory standard and during setup it turned out that I could not login to iTunes and App Store with my iCloud ID.

I reverted back to firmware version SFOS 17.02 MR-2 and now everything is ok.



This thread was automatically locked due to age.
Parents
  • I also have troubles with streaming since updating to 17.0.3. specially streaming from the Amazon Prime Video app - i have no special rules defined and it was definitely working before (not sure if it was still working in 17 MR-2 but it was working with 17.0). I still can stream non HD videos from Amazon but no HD - and this is just happening on my AppleTV - on my MacBook, iPad, iPhone i can stream the whole HD content - sophos xg is then not blocking any of the video which i can't play on the AppleTV. If i connect the AppleTV directly to the Modem it works - so it should be a problem with the Sophos XG - i tried already adding Exceptions for Amazon, without success - also tried a rollback to MR2, no success :-( . I also had a problem with a streaming app of the austrian TV (ORF - TVthek) - there i also couldn't stream HD content - i added an "Exception" now it's working again. It's really annoying that it's not working anymore - hope we find a solution for it.

  • I had this issue with 17.9 MR. No streaming services had problems except Amazon Prime Video. With new videows that are 4k UHD it was hit or miss with Amazon Prime via my ATV4k. Most of the time I would get the Prime spinning wheel and then the error playing this content.

    I suspected it had to be the FW so I decided to add a full exception for my ATV4k in my Sophos Home XG FW. I specified the IP address of the ATV4k and told it zero blocking of anything and voila, everything as expected. I'm not terribly concerned about the ATV4k not being 'protected' since its a pretty closed device and the exception is outbound only. I came upon this decision by noticing denied messages in the FW log for the ATV4K when attempting to hit one of Amazon Prime's servers.  Only deny that was occurring was for Prime Video. All other services on my ATV4k worked flawlessly.

    So in short, put in an outbound exception for your ATV4k?

  • Hi,

    thank you for the details. I am not quite clear where you put your exception? If it is in web exceptions then that applies to all traffic because to setup a connection you must call the far end and then the returning traffic is scanned or bypassed in your case.

    Ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • I did it in the Firewall section, take a look. And no, it hasn't opened the entire Internet to my devices behind the FW.

  • That's what I did too.

     

    First I defined a new IP Host entry for the Apple-TV and it's LAN IP address, then used that as the source in Firewall rule like  

    Works great and no problems since.

  • I never said it would open your network tot he internet, I said if you created an exception in the web exception tab that exception will apply to all firewall rules eg those sites will be bypassed for the exceptions you have created.

    Why didn't you just create  simple firewall rule at the to pf the list with no checking enabled?

    Ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

Reply
  • I never said it would open your network tot he internet, I said if you created an exception in the web exception tab that exception will apply to all firewall rules eg those sites will be bypassed for the exceptions you have created.

    Why didn't you just create  simple firewall rule at the to pf the list with no checking enabled?

    Ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

Children
No Data