some IPTV streams blocked while others not...stumped!

Hi and welcome to the UTM Community!

Copy here a few lines from the Web Filtering log where a station is blocked.

Cheers - Bob

It isn't showing that it was blocked I guess, but it times out. There is no issue streaming when I take the firewall off.

2021:10:19-14:01:48 UTM httpproxy[5108]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.3.92" dstip="URL.IP" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6834" request="0xd55b5500" url="https://URL.xyz/" referer="" error="" authtime="0" dnstime="7" aptptime="149" cattime="0" avscantime="0" fullreqtime="379765" device="0" auth="0" ua="" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"

2021:10:19-14:02:10 UTM httpproxy[5108]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.3.92" dstip="URL.IP" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6839" request="0xd9465500" url="https://URL.xyz/" referer="" error="" authtime="0" dnstime="13" aptptime="287" cattime="0" avscantime="0" fullreqtime="378286" device="0" auth="0" ua="" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"

2021:10:19-14:02:33 UTM httpproxy[5108]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.3.92" dstip="URL.IP" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6840" request="0xd8de6700" url="https://URL.xyz/" referer="" error="" authtime="0" dnstime="12" aptptime="319" cattime="0" avscantime="0" fullreqtime="358483" device="0" auth="0" ua="" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"

My VLC player log shows:

http error: local stream 1 error: Cancellation (0x8)
gnutls error: TLS handshake error: Error in the push function.
main error: TLS session handshake error
main error: connection error: Interrupted function call
access error: HTTP connection failure

We're looking for lines without action=pass.  You'll probably also see statuscode="5. or statuscode="4.  You might get some of these lines with:

     cd /home
     grep 'statuscode="[45]' /var/log/http.log|more

Cheers - Bob

We had a case, videos where not accesable also when the news page was not blocked.

It turned out Sophos blocked the Ad's that lay before the video. Solution: We did not touch the Adfilter in Sophos, we just installed Adblock+ and the user could play all the videos on this page without any problems. Also an adblock made the user surfing more secure and faster.

Hope this can help, at least you can give it a try.

Thank you BAlfson. 
Unfortunately I am not seeing any action=fail related to the IPTV link even though the channels in question are trying to stream but failing. . Opening traffic on the UTM clears all streams. 

thx bumblebee.

The channel streams are direct streams without ads preloading. They would be loaded off VLC player or any media player. Moreover, there isn't any difference between channel A (not blocked) and channel B (blocked) other than few different letters in the URL. 

Without relevant lines from the log, it's hard to help you.  A WAG would be to add a DNS Group for the FQDN to the Transparent mode skiplist on the 'Advanced' tab.

Cheers - Bob