
Arlo Netgear Cameras

I use Sophos UTM 9 and alongside this I use Arlo Netgear cameras.

Netgear say they only need ports 80 and 443 open, and all is fine when Web Filtering Standard Option is turned on. As soon as you switch this to Transparent mode, the playback of Live Streaming (which used Flowplayer and Amazon services) stops working. You can use all other functions; just live playback fails, with the onscreen error message that the cameras have gone offline.

I have tried setting up an exception as follows:

^https?://[A-Za-z0-9.-]+\.arlo.netgear\.com
^https?://[A-Za-z0-9.-]+\.arlos3-prod-z1.s3.amazonaws\.com
^https?://[A-Za-z0-9.-]+\.www.w3.org
^https?://[A-Za-z0-9.-]+\.angularjs.org
^https?://[A-Za-z0-9.-]+\.www.google-analytics.com

and also put arlo.netgear\.com and subdomains as a trusted site but nothing seems to work. 

The weblog only shows the following

2016:01:05-22:29:27 utm httpproxy[5262]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.0.22" dstip="54.231.130.233" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="203096" request="0xdf99a800" url="arlos3-prod-z1.s3.amazonaws.com/" referer="" error="" authtime="0" dnstime="19444" cattime="0" avscantime="0" fullreqtime="13845978" device="0" auth="0" ua="" exceptions="content,url" application="amazonws" app-id="800"

Any help appreciated
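
An added check, not part of the original post: two of the exception patterns as posted, run through Python's `re` against a few constructed URLs to show what they miss and what they let through. The tightened patterns, the test URLs, and the assumption that the proxy matches against a full `https://host/` URL are assumptions of this example.

```python
import re

# Exception patterns exactly as posted above (first two of the five).
POSTED = [
    r"^https?://[A-Za-z0-9.-]+\.arlo.netgear\.com",
    r"^https?://[A-Za-z0-9.-]+\.arlos3-prod-z1.s3.amazonaws\.com",
]

# Tightened forms (an assumption of this example, not from the thread):
# the subdomain is optional, every dot is escaped, and the trailing "/"
# stops the host name from continuing past ".com".
TIGHT = [
    r"^https?://([A-Za-z0-9-]+\.)*arlo\.netgear\.com/",
    r"^https?://([A-Za-z0-9-]+\.)*arlos3-prod-z1\.s3\.amazonaws\.com/",
]

# Constructed URLs. The S3 host is the one in the posted log line.
WANTED = [
    "https://arlo.netgear.com/",
    "https://arlos3-prod-z1.s3.amazonaws.com/",
    "https://sub.arlo.netgear.com/",
]
# Constructed hosts that an exception for Arlo should never cover.
UNWANTED = [
    "https://cdn.arloXnetgear.com/",                    # unescaped "."
    "https://cdn.arlo.netgear.com.lookalike.example/",  # no end of host
]

def hit(patterns, url):
    """True if any pattern in the list matches the URL."""
    return any(re.search(p, url) for p in patterns)

def audit(patterns):
    """List wanted URLs the patterns miss and unwanted ones they match."""
    return {
        "missed": [u for u in WANTED if not hit(patterns, u)],
        "overmatched": [u for u in UNWANTED if hit(patterns, u)],
    }

if __name__ == "__main__":
    for name, pats in (("posted", POSTED), ("tight", TIGHT)):
        print(name, audit(pats))
```

The posted patterns require at least one label before `arlo` or `arlos3-prod-z1`, so the bare host names are not covered, while the unescaped dots and missing host terminator widen the exception beyond the intended domains.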



This thread was automatically locked due to age.
  • We are having the exact same issue, UTM 9 with Arlo. You can do everything except view the live feed. When you do, you get: connection failed

    I have tested switching between transparent and standard mode and it didn't work.

     

    It appears to be with the Web Filtering. Turn that off or jump on a network that isn't part of the web filter policy and you can view live feed.

    I have added arlo, netgear and AWS' websites to the Allow These Websites and subdomains in the Filter action for the main/only policy, no go. 

    I have added arlo, netgear and AWS' to the Exceptions under Filtering Options, still no go.

    I have added arlo, netgear and AWS' to the Websites under Filtering Options, with a trusted reputation, still no go.

    I created an App Control Rule under Application Control for all of Amazon Web services, still no go.

    When checking the web filtering logs (along with any other), I see nothing at all for my IP, for the base station's IP, for the base station's name or anything for AWS

     

  • I eventually got it working

     

    I think it was this that did it in the end: Web - Filtering Options - Misc - Transparent Mode Skip List / Add Arlo Netgear, or whatever you have called it (being the Arlo router), to both and allow the traffic with the check box.

     

  • I have all the addresses listed for Web Protection\Filtering Options\Exceptions

    As for your transparent mode skiplist, what did you add/enter in for your "Arlo Netgear" Host Network Definition?

    I tried it with the base station IP address and it still doesn't work for me.

    Thanks

  • I also in Web Profiles Misc settings turned on Bypass Streaming.

     

  • Thanks for the reply, I have set up everything identical to what you supplied and it is still happening.

     

    If I turn web filtering off, it works. If I turn it on, it doesn't.

    I tried switching between Standard and Transparent mode but for both, it doesn't work.

    I tried adding all the sites to the "Allow these websites" for the only profile we are using, still doesn't work.

    I check the existing and live logs but I cannot find anything referencing the Arlo's IP, MAC or Device Name, so I can't get anything out of it.

     

    Timing wise in the web filter logs, it looks like it is these errors (like  stated):

    2017:04:21-08:07:02 sophos01-1 httpproxy[13031]: id="0003" severity="info" sys="SecureWeb" sub="http" request="(nil)" function="http_parser_context_execute" file="http_parser_context.c" line="97" message="Unable to parse a http message of 200 bytes (HPE_INVALID_METHOD: invalid HTTP method)"
    2017:04:21-08:07:02 sophos01-1 httpproxy[13031]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xdedcd200" function="read_request_headers" file="request.c" line="1550" message="unable to parse a http message on handler 144 (Resource temporarily unavailable)"
  • Hi, Michael, and welcome to the UTM Community!

    Clearly, you're not skipping the Proxy or there would be nothing in the logs. In Standard mode, you must skip the proxy in 'Proxy Settings' in your browser as the 'Transparent Mode Skiplist' applies only to Transparent mode.

    In the Skiplist, does the definition for your camera violate #3 in Rulz?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I'm also experiencing issues with Netgear Arlo Pro cameras. From the iOS app on my iPhone, I can open the app, connect to my account, see all my cameras, change settings and view previous recordings successfully. However, when I try to view the live feed from a camera it fails to start the video feed.

     

    Here are my settings. UTM 9.502-4, Web Filtering in Transparent mode, Decrypt and Scan HTTPS traffic.  The following Exception:

    The following Transparent Mode Skiplist:

    It may be worth noting that I get the same functionality if I completely disable that Exception rule and remove the Arlo Base Station from the Skip Mode Destination List, so it seems the only thing doing some good is the Arlo Base Station in the Skip Mode Source list. (Without that the Base Station shows a yellow light meaning it can't connect to Netgear servers and the iOS app can't connect at all.)

    Every time I click the Live feed button in the iOS app, I see this line in the Web Filter log:

    2017:08:28-16:01:54 firewall httpproxy[5721]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xa208600" function="ssl_connect" file="ssl.c" line="1564" message="ssl_handshake: Input/output error"

    As you can see this is very unhelpful and doesn't give me any clues on what URLs to attempt to add to the Exception rule. If I change Decrypt and Scan HTTPS to URL Filtering Only, then I can view the live feeds successfully in the iOS app. Any ideas?

  • Hi, Andrew, and welcome to the UTM Community!

    Did you solve your problem with the entry in the Source Skiplist?  If you're trying to contact the camera from an iOS device, then you might also need the Destination Skiplist.  It sounds like the camera is doing something other than HTTP/S conversation - a proprietary protocol maybe.

    Cheers - Bob

     
  • Hi Bob.  So the camera system has a base station that connects to the network with an ethernet cable.  The base station creates its own wireless network that the cameras connect to.  So all communication is going through that base station.

    If I do not add the base station to the Source Skiplist, then the "Internet" light on the base station is Yellow, meaning it's not connected to the Netgear servers, and when I try to access the cameras from the iOS app, it says the cameras are off line.  When I DO add the base station host to the Source Skiplist, the Internet light goes green and I can access the base station from the iOS app.

    When my iPhone is on my internal network wifi, I cannot view the live stream from the cameras using the iOS app.  However, if I go onto LTE and off of my wifi, then I CAN successfully view the live feed.

    So, the problem does not seem to be with the base station.  The problem is from the iOS app itself (can view live feed off network but not on network). If I could see what URL the iOS app is trying to access when I click the View camera feed button I could add an SSL decryption exception for it.  The problem is, all I see in the log is:

    2017:08:28-16:01:54 firewall httpproxy[5721]: id="0003" severity="info" sys="SecureWeb" sub="http" request="0xa208600" function="ssl_connect" file="ssl.c" line="1564" message="ssl_handshake: Input/output error"

  • I figured this out for the iOS app.

    First of all, in my Filter Action I had Log Blocked Sites, but I didn't have Log Accessed Sites checked. I enabled the Log Accessed Sites and started to see some more useful information in the Web Filter log.

    I saw that when I clicked the Live feed button it would send HTTPS requests to various AWS-owned IP addresses. I did this a bunch of times and it sent the request to a new IP every time. So I created this exception rule:

    Now when I click the Live feed button in the iOS app from my wifi, the video feed works successfully.
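
The three kinds of `httpproxy` log line quoted in this thread, sorted by what they can and cannot tell you; this is an added example, not part of any post. The sample lines are abridged copies of the ones quoted above, and the category names are made up for this example.

```python
import re

KV = re.compile(r'([\w-]+)="([^"]*)"')

# Abridged copies of httpproxy lines quoted in this thread (fields trimmed).
SAMPLE = [
    '2016:01:05-22:29:27 utm httpproxy[5262]: id="0001" name="http access" '
    'action="pass" method="CONNECT" srcip="192.168.0.22" '
    'url="arlos3-prod-z1.s3.amazonaws.com/" exceptions="content,url"',
    '2017:04:21-08:07:02 sophos01-1 httpproxy[13031]: id="0003" '
    'function="http_parser_context_execute" message="Unable to parse a http '
    'message of 200 bytes (HPE_INVALID_METHOD: invalid HTTP method)"',
    '2017:08:28-16:01:54 firewall httpproxy[5721]: id="0003" '
    'function="ssl_connect" message="ssl_handshake: Input/output error"',
]

def parse(line):
    """Split 'timestamp host proc: k="v" ...' into a dict of fields."""
    head, _, body = line.partition(": ")
    rec = dict(KV.findall(body))
    rec["ts"], rec["host"] = head.split(" ")[:2]
    return rec

def classify(rec):
    """Return (kind, detail) for one parsed httpproxy record."""
    msg = rec.get("message", "")
    if rec.get("name") == "http access":
        # This record type carries the url and exceptions fields.
        return "access", (f'{rec.get("method")} {rec.get("url")} '
                          f'exceptions={rec.get("exceptions")}')
    if "HPE_INVALID_METHOD" in msg:
        # The proxy received bytes that do not start with an HTTP method.
        return "not-http", msg
    if rec.get("function") == "ssl_connect":
        # TLS setup failed; the record names no URL or destination.
        return "tls-handshake", msg
    return "other", msg

def triage(lines):
    """Classify each line, keeping its timestamp for correlation."""
    return [(r["ts"], *classify(r)) for r in map(parse, lines)]

if __name__ == "__main__":
    for ts, kind, detail in triage(SAMPLE):
        print(f"{ts}  {kind:14} {detail}")
```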

  • That is an awful lot of IP addresses (actually all existing IPv4 addresses and much, much more) that you just skip SSL and certificate checks on...

    That's a giant hole you shoot into your web filtering checks...


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • Andrew, it sounds like you want Accessing Internal or DMZ Webserver from Internal Network.

    Cheers - Bob

     