This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to unblock Fidelity Active Trader Pro app running on Windows 10? (UTM 9.510-5)

I have URL filtering enabled and it is blocking Fidelity's Active Trader Pro app in Windows 10. Can someone please advise how to unblock the app?

 

I suspect the web filter is to blame because the app works just fine when I turn web filtering off in the Web Protection > Web Filtering > Global tab.

 

My current setup is "URL filtering only" in the HTTPS tab.

 

In the Filtering Options Exceptions tab I added this entry for Fidelity: ^https?://([A-Za-z0-9.-]*\.)?fidelity\.com/ and activated the toggle button. This did not help.

 

The Fidelity app works on Windows 7 but not on Windows 10.

 

Just before Active Trader Pro crashes on Windows 10, the Web Filtering log creates these two entries:

 

2018:08:26-10:44:50 sophos httpproxy[3784]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="http_parser_context_execute" file="http_parser_context.c" line="97" message="Unable to parse a http message of 2920 bytes (HPE_INVALID_METHOD: invalid HTTP method)"
2018:08:26-10:44:50 sophos httpproxy[3784]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xd413c600" function="read_request_headers" file="request.c" line="1590" message="unable to parse a http message on handler 121 (Resource temporarily unavailable)"
 
The Fidelity app, on the other hand, has the following errors its the log file:
 
'2018-08-26 10:45:19.3818 [5] Fatal : Unhandled Domain Exception System.Net.Sockets.SocketException (0x80004005): An existing connection was forcibly closed by the remote host
at System.Net.Sockets.Socket.Shutdown(SocketShutdown how)
at AcquireMedia.NewsEdge.API.News.NewsEdgeSession.?????????????????????????????????????????()
at AcquireMedia.NewsEdge.API.News.NewsEdgeSession.?????????????????????????????????????????.?????????????????????????????????????????(Object )
at AcquireMedia.NewsEdge.API.News.TaskQueue.?????????????????????????????????????????(Object )
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(Object state)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()'
 
Any help would be appreciated. Thank you.


This thread was automatically locked due to age.
Parents
  • Hi and welcome to the UTM Community!

    Some Apps just don't play well with a Proxy, and this looks to be one, so no Exception will work.

    You will need to skip the Proxy for this traffic.  It's possible to do this easily with Web Filtering in Transparent mode if you know the IPs the app needs to reach.  How are you configured?  Is this a business or a free home-use license?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • Hi and welcome to the UTM Community!

    Some Apps just don't play well with a Proxy, and this looks to be one, so no Exception will work.

    You will need to skip the Proxy for this traffic.  It's possible to do this easily with Web Filtering in Transparent mode if you know the IPs the app needs to reach.  How are you configured?  Is this a business or a free home-use license?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • Thank you for your reply.

     

    Sophos is running in a Protectli Vault, whose WAN port is connected to my modem. Protectli’s LAN port is connected to a switch. A WIFI access point is connected to the switch, and the computers in question are connected to the access point.

     

    Inside UTM 9 itself, the Global Web Filtering Status is on, the Allowed Networks is Internal (Network), and the Operation mod is Transparent mode. The HTTPS Scan Settings is set to URL filtering only.

     

    This is a free home-use license.

     

    I will work on finding out which IPs the Fidelity app uses. Am I to put these in the "Transparent Mode Skiplist" in the Misc tab?

     

    Thanks again.

  • Correct, in the 'Transparent Mode Skiplist' in the destinations box.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thank you for your replies, BAlfson and DouglasFoster.

    In case someone else has the same issue, I got the Fidelity app to work by skipping the following IPs. I had to use a range for the Fidelity IPs because the app does not connect to any particular one consistently.

     

    Fidelity:

    155.199.1.1 - 155.199.255.255

    Akamai:

    104.102.199.55
    104.97.109.101
    104.97.66.28
    104.97.66.29
    104.97.67.3
    104.97.87.35
    104.97.87.35
    104.97.88.115
    104.97.88.115
    104.97.88.134
    104.97.88.15
    104.97.89.60
    104.97.89.60

     

    The app also connects to Amazon's cloud, but it seems to work without Amazon being added to the skiplist.

     

    In case the above changes and no longer works (the app worked fine before the latest update, so future updates can add new IPs), I found the IPs by downloading the free version of Glasswire. I used it to block everything that wasn't the Fidelity app. Then, I used Wireshark to see where my computer connected when the Fidelity app was in use.