I am struggling with iOS devices (iOS 14) behind a Sophos UTM Firewall using Firmware 9.705-3. The UTM is using Firewall Rules, Intrusion Prevention and Endpoint Protection features. Instagram stories, IGTV videos and Facebook videos are buffering all the time once the devices are behind the Sophos UTM and I don't know what's the problem...
I tested it without the UTM going directly to the router and it's working fine. Therefore something's not right within the UTM. LiveLogs are fine, traffic won't be blocked on the devices. Please help, it's just annoying and I can't figure out what's going on...
All other streaming services like YouTube, Netflix, Amazon Prime Video are working fine on the iOS devices...
Thank you for the update.
Intrusion Prevention is a different feature; disabling it will not disable Anti-Dos/Flooding.
Thank you for reaching out to the Community!
Did you configure Anti-Dos/Flooding under Network Protection > Intrusion Prevention?
Is web filtering configured on your firewall?
Community Support Engineer | Sophos Technical Support
Anti-Dos/Flooding is active. Web Filtering is not used in my configuration. I just turned off the whole "Intrusion Prevention" feature. Makes no difference...
Just for testing, disable Anti-Dos/Flooding for UDP and check if that helps. If all the applications start working, then you have to change the values.
Hallo and welcome to the UTM Community!
Agreed with Harsh. You will want to take a look at Rule #1 in Rulz (last updated 2020-11-12).
Cheers - Bob
Thank you guys, it seems like it's working now when the UDP Flood Protection is deactivated. Do you have a recommendation for the thresholds? Below you can see my setting how it was used before.
It's probably the Destination packet rate and you can confirm that in the Intrusion Prevention log. You'll just have to experiment. Let us know what you find.
It would be a preferable solution in this situation to simply create an Intrusion Prevention Exception for the relevant IPs you see blocked for UDP flooding in the log.
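The replies above suggest confirming the UDP flood drops in the Intrusion Prevention log and building exceptions from the IPs seen there. The following Python is an added example, not code from the thread or from Sophos; it tallies UDP flood drops per source and destination so the affected pairs are visible before thresholds or exceptions are changed. The log layout (key="value" fields named `name`, `srcip`, `dstip`) and all sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines. The key="value" layout and the field names are an
# assumption about the Intrusion Prevention log; adjust them to the real file.
SAMPLE_LOG = """\
2020:11:20-19:02:11 utm ulogd[4711]: sub="ips" name="UDP flood detected" action="UDP flood" srcip="203.0.113.10" dstip="192.168.1.23" proto="17" srcport="443" dstport="51234"
2020:11:20-19:02:11 utm ulogd[4711]: sub="ips" name="UDP flood detected" action="UDP flood" srcip="203.0.113.10" dstip="192.168.1.23" proto="17" srcport="443" dstport="51234"
2020:11:20-19:02:12 utm ulogd[4711]: sub="ips" name="UDP flood detected" action="UDP flood" srcip="203.0.113.10" dstip="192.168.1.23" proto="17" srcport="443" dstport="51234"
2020:11:20-19:02:15 utm ulogd[4711]: sub="ips" name="UDP flood detected" action="UDP flood" srcip="198.51.100.7" dstip="192.168.1.23" proto="17" srcport="443" dstport="51240"
2020:11:20-19:03:01 utm ulogd[4711]: sub="ips" name="SYN flood detected" action="SYN flood" srcip="198.51.100.99" dstip="192.168.1.1" proto="6" srcport="40000" dstport="80"
2020:11:20-19:03:40 utm ulogd[4711]: sub="ips" name="UDP flood detected" action="UDP flood" srcip="203.0.113.10" dstip="192.168
2020:11:20-19:04:02 utm ulogd[4711]: sub="ips" name="UDP flood detected" action="UDP flood" srcip="203.0.113.10" dstip="192.168.1.42" proto="17" srcport="443" dstport="60001"
"""

KV = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Return the complete key="value" fields of one log line as a dict."""
    return dict(KV.findall(line))


def udp_flood_drops(log_text):
    """Count UDP flood drops per (srcip, dstip) pair."""
    drops = Counter()
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields.get("name") != "UDP flood detected":
            continue  # other flood types and unrelated IPS events
        if "srcip" not in fields or "dstip" not in fields:
            continue  # truncated or malformed line
        drops[(fields["srcip"], fields["dstip"])] += 1
    return drops


def per_destination(drops):
    """Group drops by destination: {dstip: Counter({srcip: hits})}."""
    by_dst = defaultdict(Counter)
    for (src, dst), hits in drops.items():
        by_dst[dst][src] += hits
    return by_dst


if __name__ == "__main__":
    for dst, sources in per_destination(udp_flood_drops(SAMPLE_LOG)).items():
        print(f"{dst}: {sum(sources.values())} UDP flood drops")
        for src, hits in sources.most_common():
            print(f"  from {src}: {hits}")
```

A destination that collects most of the drops points at the destination packet rate threshold, and the source addresses listed under it are the ones to review for an exception.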