This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Snapchat - Host Not Found

Am puzzled but this Sophos UTM error.  Was hoping someone might be able to assist.

I can access Snapchat from my iPhone via LTE cellular without issue.  However I'm unable to access from my iPhone via wi-fi when attempting to connect from behind my Sophos UTM with HTTPS Decrypt & Scan enabled.

Even when I create a web filtering exception for Snapchat, I still receiving this error repeatedly.  Seems to be trying to access a www.feelinsonice.com URL that it cannot resolve?  It keeps returning a BLOCK and "Host Not Found":

2015:07:05-21:44:27 oscar httpproxy[15843]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.168.0.43" dstip="" user="" ad_domain="" statuscode="502" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2623" request="0xdef78000" url="www.feelinsonice.com/" referer="" error="Host not found" authtime="0" dnstime="226" cattime="0" avscantime="0" fullreqtime="231808" device="0" auth="0" ua="" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size,patience"

2015:07:05-21:44:27 oscar httpproxy[15843]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.43" dstip="74.6.34.30" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="186" request="0xdeeb3800" url="data.flurry.com/" referer="" error="" authtime="0" dnstime="34189" cattime="0" avscantime="0" fullreqtime="138177" device="0" auth="0" ua="" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size,patience"

2015:07:05-21:44:27 oscar httpproxy[15843]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.43" dstip="74.125.30.141" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3849" request="0xe0086800" url="sc-analytics.appspot.com/" referer="" error="" authtime="0" dnstime="334" cattime="0" avscantime="0" fullreqtime="139336" device="0" auth="0" ua="" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size,patience"

2015:07:05-21:44:30 oscar httpproxy[15843]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.43" dstip="17.167.194.205" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="4981" request="0xbf95000" url="gsp10-ssl.apple.com/" referer="" error="" authtime="0" dnstime="115864" cattime="0" avscantime="0" fullreqtime="363084" device="0" auth="0" ua="" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,fileextension"


This thread was automatically locked due to age.
Parents
  • Two things.  A quick google shows that feelinsonice is some weird snapchat thing, there are multiple domains/hosts.

    That being said, I suspect that your host not found is not the issue.  Please post more full logs.
  • I'm struggling with the same issue here. My users can switch to using their cell phone data instead of wifi (behind UTM9) and SnapChat works fine. If they use wifi behind the UTM9, it tries to reach this non-resolving FQDN of  www.feelinsonice.com and UTM9 blocks it with the "host not found" message.

    I really have no idea what is going on here. Subscribing to thread in hopes that someone figures it out. :-)

    - Scott
  • When an app refuses to work correctly with https inspection enabled, I assume that the app is doing certificate pinning.  Disable https inspection and declare victory.  Feelsonice.com may be something implemented in the app that bypasses dns, which might be why utm cannot resolve the name.  Https inspection bypass should fix that as well (as long as pharming check is disabled)

    Also note the KB articles about extra steps needed to load the UTM CA on Apple devices.

Reply
  • When an app refuses to work correctly with https inspection enabled, I assume that the app is doing certificate pinning.  Disable https inspection and declare victory.  Feelsonice.com may be something implemented in the app that bypasses dns, which might be why utm cannot resolve the name.  Https inspection bypass should fix that as well (as long as pharming check is disabled)

    Also note the KB articles about extra steps needed to load the UTM CA on Apple devices.

Children
No Data