
Sophos UTM and Nest Camera

So starting today I am getting no video through the web browsers on my wired network while webfilter is turned on. The wireless app on phones and iPads works fine. The website works and the Nest thermostat works, but no video.

Lots of these when I reload the website.....

2017:03:28-20:02:23 adelman httpproxy[20271]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="http_parser_context_execute" file="http_parser_context.c" line="97" message="Unable to parse a http message of 237 bytes (HPE_INVALID_METHOD: invalid HTTP method)"

and some of these....

2017:03:28-20:02:47 adelman httpproxy[20271]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.50.200" dstip="54.163.122.137" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffAllow (Block Nudity)" size="705" request="0x2d3b5e00" url="czfe24-front01-iad01.transport.home.nest.com/" referer="" error="" authtime="0" dnstime="0" cattime="21" avscantime="0" fullreqtime="10020413" device="0" auth="0" ua="" exceptions=""

 

The only way I get it to work is to turn off or exempt the computer from webfiltering.

Any thoughts?



This thread was automatically locked due to age.
  • The error message indicates that it is not a normal HTTP-compliant message. NEST is apparently implementing a custom protocol.

    One research item will be to determine if the problem is on the PC-to-Cloud or Device-to-Cloud connection.   Try connecting from a laptop outside of your house to see if you get video or not.

    If the problem is with the NEST device connection, you could give them static IPs and whitelist based on the source.

    Assuming that the problem is on the PC-to-Cloud connection, you probably have to do a whitelist based on the destination.   Try this:

    • Re-enable web filtering and remove the exception that you created previously.
    • Create a website exception for home.nest.com with the box checked for "Include subdomains". Assign it the tag "Nest Bypass".
    • Create an exception object and check the boxes to disable all features, for websites with "Tag = Nest Bypass"
    • Test.
    • Assuming it works (I think it will), you can try turning filter options back on to see whether things still work or start breaking.   The fewer enabled exceptions the better.
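
One way to check from the log whether the exception suggested above is actually matching, as an added example that is not part of the original thread: it parses the two httpproxy lines quoted in the question, counts the parser errors, and reports for each CONNECT tunnel whether its host falls under home.nest.com and whether any exception was recorded. The function names are hypothetical, and it assumes that a non-empty `exceptions` field marks a request on which an exception matched.

```python
import re
from collections import Counter

# The two httpproxy lines quoted in the question, copied verbatim.
SAMPLE_LOG = [
    '2017:03:28-20:02:23 adelman httpproxy[20271]: id="0003" severity="info" '
    'sys="SecureWeb" sub="http" request="(nil)" function="http_parser_context_execute" '
    'file="http_parser_context.c" line="97" message="Unable to parse a http message '
    'of 237 bytes (HPE_INVALID_METHOD: invalid HTTP method)"',
    '2017:03:28-20:02:47 adelman httpproxy[20271]: id="0001" severity="info" '
    'sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" '
    'srcip="192.168.50.200" dstip="54.163.122.137" user="" group="" ad_domain="" '
    'statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter '
    'Profile)" filteraction="REF_HttCffAllow (Block Nudity)" size="705" '
    'request="0x2d3b5e00" url="czfe24-front01-iad01.transport.home.nest.com/" '
    'referer="" error="" authtime="0" dnstime="0" cattime="21" avscantime="0" '
    'fullreqtime="10020413" device="0" auth="0" ua="" exceptions=""',
]

FIELD = re.compile(r'(\w+)="([^"]*)"')  # key="value" pairs of one log line

def in_domain(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def summarize(lines, domain):
    """Count parser errors and list CONNECT tunnels with their exception status."""
    errors, tunnels = Counter(), []
    for line in lines:
        f = dict(FIELD.findall(line))
        code = re.search(r"\((HPE_\w+):", f.get("message", ""))
        if code:
            errors[code.group(1)] += 1
        elif f.get("method") == "CONNECT":
            host = f.get("url", "").split("/")[0].split(":")[0].lower()
            tunnels.append({
                "host": host,
                "srcip": f.get("srcip"),
                "in_domain": in_domain(host, domain),
                # Assumption: a non-empty exceptions field means an exception matched.
                "exception_applied": bool(f.get("exceptions")),
            })
    return errors, tunnels

if __name__ == "__main__":
    errors, tunnels = summarize(SAMPLE_LOG, "home.nest.com")
    print(dict(errors))
    for t in tunnels:
        print(t)
```

Under that assumption, a tunnel that is reported as in the domain but with no exception applied, in a log taken after the exception was created, is a request the exception did not match.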
  • Thanks for the thoughts. I can’t do the designated in addresses because the UTM is not the DHCP for the Nest devices. I have an Open Mesh CloudTrax wireless system and it allows for 4 SSIDs, which can either be part of the UTM DHCP or have their own. It helps me keep under the 50 IP limit.

    I tried the other recommendations; they did not work.

    Another fact: I turned off the web filter on the UTM at my house, the website worked at home, and I tried the website at my office, which also has a Sophos UTM with the web filter turned on. Same issue, same errors reported. Also, just to let you know, the Nest app works fine internally and externally. I have remote access to another computer behind a standard Netgear router and it works fine in Chrome with the source Sophos UTM webfilter turned on. It does not seem to be interfering with sending from the devices, just receiving in the browser through the Sophos UTM webfiltering.

  • Maybe I'm missing the right place to add a website exception, but I've tried everything I can think of to add the exception, assign the tag, and create the exception object to disable all features with the created tag.

    But I wasn't able to get the PC-to-Cloud connection to work...

    I can see the Nest video footage on my PC if I disable web filtering.

    Any other thoughts that I can try?

  • This is an example of a website configured with the "Web Proxy Bypass" tag

    Hope those examples help