This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Exception rule for Netflix streaming?

I have recently started using Netflix again and am having trouble with it streaming to devices behind my UTM. I'm 99% sure it's due to the content filter and requires an exception rule; I have never been good with these rules and am wondering if anyone has created a rule for Netflix already?

I have "Bypass content scanning for streaming content" enabled which has not made a difference. When I add specific devices to the "transparent mode skiplist" they instantly work.

This thread was automatically locked due to age.

Parents

0 William Warren over 9 years ago

nopers on the ipad and wii i still get resolutions to 108.175.34.195
C:\Users\William>nslookup 108.175.34.195
Server:  virthost.ecc.local
Address:  192.168.255.2

Name:    ipv4_1.lagg0.c091.iad001.ix.nflxvideo.net
Address:  108.175.34.195
Here's hte full livelog line:

2014:09:20-07:46:14 etcutm httpproxy[14034]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.255.70" dstip="108.175.34.195" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="65536" request="0x8973cb0" url="108.175.34.195/.../0-65535

Because the system doesn't resolve dns properly it gets categorized as http which means all of the bypasses and exceptions don't work.  This is the only area i'm seeing internal resolution problems like this so it is clearly a dns resolution problem within the proxy itself.  I've presented this to support ate length and ad nauseum to be blown off.  I'm sticking with the proxy bypass for mobile and that is the only thing that works.

my dns is working fine the proxy however not so much.  Support is still maintaining nothing is wrong so i don't think they are..or can fix this issue.  Putting anything mobile into the proxy bypass is the way to go for the forseeable future.

Owner: Emmanuel Technology Consulting

http://etc-md.com

Former Sophos SG(Astaro) advocate/researcher/Silver Partner

PfSense w/Suricata, ntopng,

Other addons to follow
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 William Warren over 9 years ago

nopers on the ipad and wii i still get resolutions to 108.175.34.195
C:\Users\William>nslookup 108.175.34.195
Server:  virthost.ecc.local
Address:  192.168.255.2

Name:    ipv4_1.lagg0.c091.iad001.ix.nflxvideo.net
Address:  108.175.34.195
Here's hte full livelog line:

2014:09:20-07:46:14 etcutm httpproxy[14034]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.255.70" dstip="108.175.34.195" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="65536" request="0x8973cb0" url="108.175.34.195/.../0-65535

Because the system doesn't resolve dns properly it gets categorized as http which means all of the bypasses and exceptions don't work.  This is the only area i'm seeing internal resolution problems like this so it is clearly a dns resolution problem within the proxy itself.  I've presented this to support ate length and ad nauseum to be blown off.  I'm sticking with the proxy bypass for mobile and that is the only thing that works.

my dns is working fine the proxy however not so much.  Support is still maintaining nothing is wrong so i don't think they are..or can fix this issue.  Putting anything mobile into the proxy bypass is the way to go for the forseeable future.

Owner: Emmanuel Technology Consulting

http://etc-md.com

Former Sophos SG(Astaro) advocate/researcher/Silver Partner

PfSense w/Suricata, ntopng,

Other addons to follow
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data