some IPTV streams blocked while others not...stumped!

I am using an IPTV provider for channels streams. The stations url format is as follows: https://URL.xyz:443/play/random.letters/ts 

But some channels are working and others are not. I am stumped at what is making UTM block some stations and not others !! The only difference in the link is the "random.letters" part.

Parents
  • Hi and welcome to the UTM Community!

    Copy here a few lines from the Web Filtering log where a station is blocked.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • It isn't showing that it was blocked I guess, but it times out. There is no issue streaming when I take the firewall off.

    2021:10:19-14:01:48 UTM httpproxy[5108]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.3.92" dstip="URL.IP" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6834" request="0xd55b5500" url="https://URL.xyz/" referer="" error="" authtime="0" dnstime="7" aptptime="149" cattime="0" avscantime="0" fullreqtime="379765" device="0" auth="0" ua="" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
    
    2021:10:19-14:02:10 UTM httpproxy[5108]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.3.92" dstip="URL.IP" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6839" request="0xd9465500" url="https://URL.xyz/" referer="" error="" authtime="0" dnstime="13" aptptime="287" cattime="0" avscantime="0" fullreqtime="378286" device="0" auth="0" ua="" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"
    
    2021:10:19-14:02:33 UTM httpproxy[5108]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.3.92" dstip="URL.IP" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="6840" request="0xd8de6700" url="https://URL.xyz/" referer="" error="" authtime="0" dnstime="12" aptptime="319" cattime="0" avscantime="0" fullreqtime="358483" device="0" auth="0" ua="" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size"

    My VLC player log shows:

    http error: local stream 1 error: Cancellation (0x8)
    gnutls error: TLS handshake error: Error in the push function.
    main error: TLS session handshake error
    main error: connection error: Interrupted function call
    access error: HTTP connection failure


    thank you. 

  • We're looking for lines without action=pass.  You'll probably also see statuscode="5. or statuscode="4.  You might get some of these lines with:

         cd /home
         grep 'statuscode="[45]' /var/log/http.log|more

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thank you BAlfson. 
    Unfortunately I am not seeing any action=fail related to the IPTV link even though the channels in question are trying to stream but failing. . Opening traffic on the UTM clears all streams. 


  • Without relevant lines from the log, it's hard to help you.  A WAG would be to add a DNS Group for the FQDN to the Transparent mode skiplist on the 'Advanced' tab.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Without relevant lines from the log, it's hard to help you.  A WAG would be to add a DNS Group for the FQDN to the Transparent mode skiplist on the 'Advanced' tab.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data