LAN to WAN not functioning in EAP3 for devices (Roku, TiVo, UniFi APs)

I have a 105 using the latest v17 and a 106 using EAP 3 v18. Using my v18, many devices get IPs but cannot connect to the internet. Plug in the 105 and everything is fine. Similar rule setup between both firewalls - v18 106 set up manually (no migration). Netflix also does not work. I set up policy bypass and FQDN per https://community.sophos.com/kb/en-us/125061.

1) TiVo/Roku - cannot connect to the internet when the 106 is plugged in. I have created manual rules (attached below) which do not appear to be running. I do not see any failures in the logs. LAN to WAN below. Details are of the Roku, but same experience with Roku, UniFi devices, etc. iOS/computers work. Since I set up explicit rules for Roku/TiVo, I would expect them to bypass any other checks I may have enabled.

Rule details for Roku - set Allow All for web filter and other security

Thoughts?

Parents Reply
  • In order to make v18 behave like v17.5 you need to do the following things:
    For any rule that does anything with port 80/443 traffic, select "Use proxy instead of DPI engine".
    Rules that have "Scan HTTP and decrypted HTTPS" and "Use proxy instead of DPI engine" should not have Web Policy None. Change to Allow All. Known issue.

    Doing that will cause the v18 box to use the same web proxy as 17.5. If things still don't work, you've got other issues.

    Assuming that does resolve the problems, then the next step is switching the rule for your Roku TV back to the DPI mode and then investigating with logs what it is trying to connect to and why it cannot connect.
