Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Warning for Sophos XG home users!!!! Sophos XG firmware SFOS 17.0.3 MR-3 kills streaming video and apps from iTunes on Apple-TV gen4

A few days after upgrading the firmware I noticed that I could not stream videos or install apps from iTunes on my Apple TV. Streaming from Netflix and HBO was working.

I reset Apple TV to factory standard and during setup it turned out that I could not login to iTunes and App Store with my iCloud ID.

I reverted back to firmware version SFOS 17.02 MR-2 and now everything is ok.



This thread was automatically locked due to age.
  • Sophos is just an infinite problems loop.  Problems never ends.

    At home I have decommissioned the XG105 and put it on Ebay.  I was exhausted with that non sens baby sitting.

    I'm running now a Checkpoint 600 or a Check point 1490.  Problems solved.

     

    Paul Jr 

  • I had this issue with 17.9 MR. No streaming services had problems except Amazon Prime Video. With new videows that are 4k UHD it was hit or miss with Amazon Prime via my ATV4k. Most of the time I would get the Prime spinning wheel and then the error playing this content.

    I suspected it had to be the FW so I decided to add a full exception for my ATV4k in my Sophos Home XG FW. I specified the IP address of the ATV4k and told it zero blocking of anything and voila, everything as expected. I'm not terribly concerned about the ATV4k not being 'protected' since its a pretty closed device and the exception is outbound only. I came upon this decision by noticing denied messages in the FW log for the ATV4K when attempting to hit one of Amazon Prime's servers.  Only deny that was occurring was for Prime Video. All other services on my ATV4k worked flawlessly.

    So in short, put in an outbound exception for your ATV4k?

  • Hi,

    thank you for the details. I am not quite clear where you put your exception? If it is in web exceptions then that applies to all traffic because to setup a connection you must call the far end and then the returning traffic is scanned or bypassed in your case.

    Ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • I did it in the Firewall section, take a look. And no, it hasn't opened the entire Internet to my devices behind the FW.

  • That's what I did too.

     

    First I defined a new IP Host entry for the Apple-TV and it's LAN IP address, then used that as the source in Firewall rule like  

    Works great and no problems since.

  • I never said it would open your network tot he internet, I said if you created an exception in the web exception tab that exception will apply to all firewall rules eg those sites will be bypassed for the exceptions you have created.

    Why didn't you just create  simple firewall rule at the to pf the list with no checking enabled?

    Ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.