
Outgoing Google Hangouts video no longer works

Howdie,

I have a problem that's cropped up with Sophos UTM in recent months and was hoping to get some input from others on it. I've been using UTM since the Astaro days (Astaro 6 maybe? Don't recall when I first set it up) when the home user IP limit was 10. I still think it's the best solution out there for firewall, IPS, etc. Which is why this is frustrating. I don't want to switch. :) I'm currently running UTM on a quad port Qotom PC (specifically, this guy: https://smile.amazon.com/gp/product/B01AAKGQQG/ref=oh_aui_detailpage_o05_s00?ie=UTF8&psc=1) and before that an older fit-PC (a Celeron dual NIC version). I use UTM as my gateway to my ISP (Comcast using the "Blast" speeds which are ~12 up and 150 down).

Up until about a month or so ago I was able to use Google Hangouts without a problem (i.e., teleconferencing for work). But recently my outgoing video won't work for Hangouts. I can see my video locally, but it won't show up for anyone remotely. This only happens on my network and on any computer / phone / device I use on my network to access a hangout. I assumed I had changed something that broke it.

After much finagling, I couldn't find any setting in UTM that would fix it, so I made a backup and reset UTM to factory settings. It still didn't work. So...I put in the most basic of firewall rules (Internal (network) -> Any protocol -> Any) thinking maybe something outgoing was being blocked. Nope. I rechecked to make sure all proxying, filtering, etc. was off. Yep, all off. In desperation, I SSH'd to the box (after enabling SSH) and manually cleared all iptables rules (left the nat table untouched, however, so I still had internet access). Nope, still doesn't work.

To rule out some kind of ISP issue, I took UTM out of the loop entirely and set my Linksys AC1200 router up as my internet gateway. THAT worked. Others could then see my video just fine. Seeing as how I did not have this problem previously with UTM, my only conclusion is that some update has done something to muck up Google Hangouts outgoing video (I try to apply UTM updates pretty regularly). I'm not clear where this would happen, however. I don't know exactly how Hangouts video works, but I understand it uses STUN for NAT traversal. Although I believe it has several other protocols it falls back on. The Linksys router is quite likely not Linux-based (probably VxWorks) so probably handles NAT a little differently. But...seeing as how this used to work with UTM I'm assuming it's from a UTM update. Unless Google changed something...which would make me very sad.

So, anyone have any idea what might be going on here? 

Also, could some kind soul please try using a hangout on a network behind an up-to-date UTM (I'm currently using 9-405.5...I haven't yet applied the 9-406.3 update that just came out today) and see if you get video? You can easily replicate the problem by using two browsers (e.g., Chrome and Safari) on the same hangout (it won't work with two tabs in the same browser...Hangouts prevents it).

NOTE: Though I never had these rules before, as a troubleshooting exercise I tried opening up ports referenced in here: https://support.google.com/a/answer/1279090?hl=en. That also didn't help. Which isn't surprising since that one rule I added in allowed all outgoing internal traffic anyway.



This thread was automatically locked due to age.
  • Hi, John, and welcome to the UTM Community!

    Turning off IPS may not have been what you needed - does #1 in Rulz give you any hint?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Howdie Bob,

    I actually had looked through the rulez before posting this. :) When I did a full reset to factory defaults I verified that IPS and application control were both off (their default setting). The only non-stock change I made was to add in the Internal (Network) -> Any -> Any firewall rule to allow all outgoing communication which I only added after seeing that hangouts still didn't work in the stock config. That firewall rule also didn't seem to help.

    I definitely have been digging through the firewall logs and only saw three sets of dropped packets from the machine I was testing on. They were to the UTM box and were UDP ports 1900, 5353, and 192. They were infrequent and a little googling brought me to this page from Apple (it's an Apple laptop): https://support.apple.com/en-us/HT202944. It seems those comms are related to Bonjour and other protocols macOS uses.

    The full clearing of all firewall rules (and setting the defaults to ALLOW) in iptables not fixing the problem further seems to support that the packets aren't being dropped due to the iptables packet filtering. Unless, that is, it's happening in the NAT table (or some other default table I'm not aware of).

    So, unfortunately, no, I didn't find anything from the rulez that narrowed down the problem. :-(

    Cheers,

    -John S.