Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 29 replies
  • Answers 2 answers
  • Subscribers 10 subscribers
  • Views 86092 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Arlo Netgear Cameras

NicholasChase

I use Sophos UTM 9  and alongside this I use Arlo Netgear cameras.

Netgear say they only need port 80 and 443 open, and all is fine when Web Filtering Standard Option is turned on.  As soon as you switch this to Transparent mode, the playback of Live Streaming (which used Flowplayer and Amazon services) stops working.   You can use all other functions, just live playback fails with the onscreen error message that the cameras have gone offline.

I have tried setting up an exception as follows

^https?://[A-Za-z0-9.-]+\.arlo.netgear\.com
^https?://[A-Za-z0-9.-]+\.arlos3-prod-z1.s3.amazonaws\.com
^https?://[A-Za-z0-9.-]+\.www.w3.org
^https?://[A-Za-z0-9.-]+\.angularjs.org
^https?://[A-Za-z0-9.-]+\.www.google-analytics.com

and also put arlo.netgear\.com and subdomains as a trusted site but nothing seems to work. 

The weblog only shows the following

2016:01:05-22:29:27 utm httpproxy[5262]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.22" dstip="54.231.130.233" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="203096" request="0xdf99a800" url="arlos3-prod-z1.s3.amazonaws.com/" referer="" error="" authtime="0" dnstime="19444" cattime="0" avscantime="0" fullreqtime="13845978" device="0" auth="0" ua="" exceptions="content,url" application="amazonws" app-id="800"

Any help appreciated



This thread was automatically locked due to age.
  • 0
    Hi NicholasChase,

    can you try the web exceptions:

    ^https?://([A-Za-z0-9.-]*\.)?arlo\.netgear\.com
    ^https?://([A-Za-z0-9.-]*\.)?arlos3-prod-z1\.s3\.amazonaws\.com
    ^https?://([A-Za-z0-9.-]*\.)?w3.org
    ^https?://([A-Za-z0-9.-]*\.)?angularjs.org
    ^https?://([A-Za-z0-9.-]*\.)?google-analytics.com

    These should fit your addresses specified - I think your regex' are invalid

    Nevermind: Statuscode 200 - Connect is just a logging entry so therefore no Content was blocked.
    Can you specify a Proxy Address in the netgear Settings itself?
  • 0 in reply to DarkKnight93
    Thanks for the comments @DarkKnight93. I have correct the exclusion statements but I am afraid it made no difference.

    The Arlo netgear router is self configuring - it is not accessible by a user - or at least not that I have discovered.

    So currently having to keep web filtering in standard mode which sort of defeats the object.
  • 0 in reply to EricBieber
    @EricBieber - Let me know if you find a solution please
  • 0
    I have made progress and now have the live image displaying - the cameras are no longer reporting off line, however now the log file when clicking on connect to live feed shows

    2016:01:26-21:32:01 utm httpproxy[5281]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="http_parser_context_execute" file="http_parser_context.c" line="97" message="Unable to parse a http message of 147 bytes (HPE_INVALID_METHOD: invalid HTTP method)"
    2016:01:26-21:32:01 utm httpproxy[5281]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xe109d000" function="read_request_headers" file="request.c" line="1540" message="unable to parse a http message on handler 84 (Resource temporarily unavailable)"

    I have investigated and added in the MS Registry key setting that is suggested elsewhere but this has made no difference.
  • 0
    Interestingly enough now that I have the ability to invoke the live feed, from an Android Phone running on my internal network the live image is fine, running from a browser (IE11 or Chrome) the image fails with a connection error - reporting the error in the live log.
  • 0
    How do I get Sophos to look at this issue. It's clearly Sophos Webfiltering that is the issue when used in conjunction with Chrome or IE. It I turn transparent mode off these browsers work fine as does the Arlo android app. As soon as I turn Transparency on the Android App continues to work the broswers throw up the errors I have previously mentioned.
  • 0

    Issues here also using browser (Chrome, IE, Edge tested) in transparent proxy) with all sorts of messages like these in webfiltering live log:

    2016:07:09-23:36:46 utm httpproxy[6957]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="http_parser_context_execute" file="http_parser_context.c" line="97" message="Unable to parse a http message of 193 bytes (HPE_INVALID_METHOD: invalid HTTP method)"

    2016:07:09-23:36:46 utm httpproxy[6957]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xe0029800" function="read_request_headers" file="request.c" line="1545" message="unable to parse a http message on handler 89 (Resource temporarily unavailable)"
    As soon as I put the machine from where I am trying to view live view put in Skip transparent source hosts, live view works as expected.

    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • 0 in reply to apijnappels

    I have thousands of these exact messages per hour. Haven't been able to figure it out. It looks like a code bug !

     

    utm httpproxy[5281]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="http_parser_context_execute" file="http_parser_context.c" line="97" message="Unable to parse a http message of 147 bytes (HPE_INVALID_METHOD: invalid HTTP method)"

  • 0

    We are having the exact same issue, UTM 9 with Arlo. You can do everything except view the live feed. When you do, you get :connection failed

    I have tested switching between transparent and standard mode and it didnt work.

     

    It appears to be with the Web Filtering. Turn that off or jump on a network that isnt part of the web filter policy and you can view live feed.

    I have added arlo, netgear and AWS' websites to the Allow These Websites and subdomains in the Filter action for the main/only policy, no go. 

    I have added arlo, netgear and AWS' to the Exceptions under Filtering Options, still no go.

    I have added arlo, netgear and AWS' to the Websites under Filtering Options, with a trusted reputation, still no go.

    I created a App Control Rule under Application Control for all of Amazon Web services, still no go. 

    When checking the web filtering logs (along with any other), i see nothing at all for my IP, for the base stations IP, for the base stations name or anything for AWS

     

Unfiltered HTML