XG Beta2 + RC1 Netflix no longer working with Beta 1 no Problems

Hi Sten,

I'm experiencing similar problems with the new fqdn wildcard feature, but was not yet able to give a good reproducable example of it.

Is it working if you replace the Netflix FQDN group with "Any" for the related FW rule?

Best Regards

DomNik

Hi DomNik,

same Problem with Any and no filters. See the Screenshots.

Hmm this is strange.

It's working with Any destination for my FireTV Stick, while the old way for v16 descripted in https://community.sophos.com/kb/en-us/125061 stopped working in v17. (reason unknown, but that's another topic...)

For video streaming in general I've the following generic vscan web exception - maybe this is the key?

^([A-Za-z0-9.\-/=,_~$+!'%\?\*\(\)]*)?\.mp4

^([A-Za-z0-9.\-/=,_~$+!'%\?\*\(\)]*)?\.m4v

Sten, that is a pure firewall rule without any scanning and your netflix should work with this configuration. Reboot your netflix device and double check any other configuration changes because an ALLOW ALL rule changes your firewall into a simple NAT router and shouldn't affect streaming.

What Domnick is suggesting using fqdn rules is described in the old XG exceptions KB article. At the bottom, they have a revised section on how to use netflix streaming by using NETFLIX as destination on your firewall rules https://community.sophos.com/kb/en-us/125061 Currently there is a known bug in webfiltering that breaks fqdn netflix filtering https://community.sophos.com/products/xg-firewall/sophos-xg-beta-programs/sfos-v170-beta/f/sfos-v170-beta-feedback/95909/fw-log-could-not-assocate-packet-to-any-connection-when-ips-enabled/352142#352142 but I don't think your issue is related since you are not using any filtering.

EDIT: @ DomNik, I don't understand the logic behind fqdn rule since in my opinion (that sophos really doesn't care about) application control should be able to do this. This is a real head scratcher since application rules can be updated with a pattern update but it will need a firmware update to change the fqdn rule (I maybe wrong but thats what it looks to me)

Billybob said:

EDIT: @ DomNik, I don't understand the logic behind fqdn rule since in my opinion (that sophos really doesn't care about) application control should be able to do this. This is a real head scratcher since application rules can be updated with a pattern update but it will need a firmware update to change the fqdn rule (I maybe wrong but thats what it looks to me)

 

Hi,

the fact is that Netflix wont work with this test rule.

the Normal rules are with fqdn exaptions.

today there is a new Update for the RC1-67 and i would Try it in evening.

greets

Hi,

the fact is that Netflix wont work with this test rule.

the Normal rules are with fqdn exaptions.

today there is a new Update for the RC1-67 and i would Try it in evening.

greets