Solution found for Netflix streaming on mobile with web filtering enabled

I know other admins have been looking for a solution to allow streaming Netflix content without whitelisting a device. Another user posted a solution in the XG Group that worked for me with UTM9

https://community.sophos.com/products/xg-firewall/f/129/t/74689

The same logic could probably be used for other streaming services as well. 

  • Thanks for the info! Do these entries go in the Transparent Mode Skiplist to bypass the web filtering?

  • I just added the info to the Exception list under Filtering Options

  • That worked great, thanks again!

  • On UTM 9.411-3 - Works great! Thanks a lot. 

  • Please do not use the excessive RegEx that was posted there.  It is poor RegEx, including unparsable entries and overly wide definitions that will catch a lot of non-Netflix traffic.

    Instead use the list here, which is a corrected and trimmed version.

    https://community.sophos.com/kb/en-us/125061

  • I've implemented all the exclusions on this post; still no go for me :(

    The http proxy seems to break the stream even with the exclusions in place. The only workaround that works is to add the hosts/networks in "Skip transparent mode", but that removes all the benefits of the UTM for those hosts, which is a pretty bad option. Or disabling Web Protection completely.

    I've looked at all the logs; there is nothing wrong in the firewall logs and the Web Protection log shows that the exclusions are indeed being applied...

    2017:07:21-21:43:49 plasmashield httpproxy[27766]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.100.5.141" dstip="23.246.6.148" user="" group="" ad_domain="" statuscode="206" cached="0" profile="REF_HttProContaInterNetwo (Roaming Devices)" filteraction="REF_HttCffBlockBadNoAv (Default content filter action (no AV))" size="185446" request="0x2cc54c00" url="23.246.6.148/ referer="" error="" authtime="0" dnstime="0" cattime="0" avscantime="0" fullreqtime="7987490" device="0" auth="0" ua="" exceptions="av,auth,content,url,ssl,certcheck,certdate,mime,cache,fileextension,size,patience"
    Thanks

  • Those are some crazy rules, I just added their two huge IP blocks to the skip destination list (108.175.32.0/20, 23.246.0.0/17), and this one rule:
    Authentication / Caching / Block by download size / Antivirus / Extension blocking / MIME type blocking / URL Filter / Content Removal / SSL scanning / Certificate trust check / Certificate date check / Blocked page logging / Do not display download/scan progress page
    Matching these URLs: ^https?://([A-Za-z0-9.-]*\.)?netflix\.com\.?/

    I also put netflix.com in the default content filter website whitelist with the all subdomains box checked.  Sometimes it takes a couple of seconds longer than I expect for the stream to start, but it always starts (tested on TiVo, Android, Windows 10 browser and app, and I think iOS, but I don't remember).

  • Thank you Michael for pointing that out. But could you maybe go into more detail? For me Netflix works with the list from this post, but not with the "official one". I only skip SSL, nothing else.

  • Since I wrote the official one and had it confirmed by some people, I'm concerned and interested.

    From my memory, you must skip antivirus scanning.
    Please note that the "list from this post" is poorly written regex that does not do what the person intended.  For example it includes this regex:

    ^45.57.([0-1][0-1][0-9])|(12[0-7]).*

    Which actually matches anything with 12[0-7] in it.  In other words that regex matches the url my.company.com/foo125/bar

    And this one:

    ^37.77.1(8[4-9])|(9[0-1])].*

    Which is unparseable due to an extra ]
    Can you do the following:

    Use the regex from the KB and exclude AV.

    Clear the log file

    > /var/log/http.log

    Reproduce the problem.

    Then PM me a copy of the http.log.

  • The issue is found.  The KB article is written for XG.  For UTM the format for the exception is slightly different.  You must prepend each entry with https?://

    ^https?://([A-Za-z0-9.-]*\.)?ne?t?fli?x(img|ext|video)?\.(com|net)/
    ^https?://23\.246\.([0-9]|[1-5][0-9]|6[0-3])\.[0-9]
    ^https?://37\.77\.(1(8[4-9]|9[0-1]))\.[0-9]
    ^https?://45\.57\.([0-9]|[1-9][0-9]|1([0-1][0-9]|2[0-7]))\.[0-9]
    ^https?://64\.120\.(1(2[8-9]|[3-9][0-9])|2([0-4][0-9]|5[0-5]))\.[0-9]
    ^https?://66\.197\.(1(2[8-9]|[3-9][0-9])|2([0-4][0-9]|5[0-5]))\.[0-9]
    ^https?://192\.173\.(6[4-9]|[7-9][0-9]|1([0-1][0-9]|2[0-7]))\.[0-9]
    ^https?://69\.53\.(2(2[4-9]|[3-4][0-9]|5[0-5]))\.[0-9]
    ^https?://108\.175\.(3[2-9]|4[0-7])\.[0-9]
    ^https?://185\.2\.(2(2[0-3]))\.[0-9]
    ^https?://185\.9\.(1(8[8-9]|9[0-1]))\.[0-9]
    ^https?://198\.38\.(9[6-9]|1([0-1][0-9]|2[0-7]))\.[0-9]
    ^https?://198\.45\.(4[8-9]|5[0-9]|6[0-3])\.[0-9]
    ^https?://208\.75\.(7[6-9])\.[0-9]
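The two points made above, that an unparenthesised alternation makes the first "from this post" regex match any URL containing 12x, and that the KB patterns only work on UTM once prefixed with https?://, can be checked directly. The following is an added example, not code from this thread, from Sophos, or from the KB; it assumes the UTM exception matcher behaves like an unanchored search over the full scheme://host/path URL (so only the leading ^ pins a pattern to the start), and the sample URLs are constructed for illustration.

```python
import re

# Constructed sample URLs (not from the thread), in the scheme://host/path
# form that UTM's exception list is assumed to match against.
SAMPLE_URLS = [
    "http://45.57.65.10/",                                # inside 45.57.0-127.x
    "https://45.57.200.1/",                               # 45.57.200.x: outside 0-127
    "https://my.company.com/foo125/bar",                  # false positive named in the post
    "https://ipv4-c001-lhr001-ix.1.oca.nflxvideo.net/",   # Netflix OCA style hostname
    "https://www.netflix.com/browse",
    "https://example.org/files/127.zip",                  # unrelated URL containing 127
]

# The "from this post" regex quoted by the KB author, verbatim.  The | splits
# the whole pattern into two branches: "^45.57.([0-1][0-1][0-9])" and
# "(12[0-7]).*".  Only the first branch is anchored with ^.
BAD_REGEX = r"^45.57.([0-1][0-1][0-9])|(12[0-7]).*"

# The KB entry for 45.57.0.0/17 as written for XG (no scheme), and the same
# entry with the https?:// prefix the UTM exception list needs.
KB_REGEX_AS_IS = r"^45\.57\.([0-9]|[1-9][0-9]|1([0-1][0-9]|2[0-7]))\.[0-9]"
UTM_IP_REGEX = r"^https?://45\.57\.([0-9]|[1-9][0-9]|1([0-1][0-9]|2[0-7]))\.[0-9]"
UTM_HOST_REGEX = r"^https?://([A-Za-z0-9.-]*\.)?ne?t?fli?x(img|ext|video)?\.(com|net)/"


def matches(pattern, urls):
    """Return the URLs an exception regex would hit, using search semantics
    (assumption: the proxy does not implicitly anchor the pattern)."""
    rx = re.compile(pattern)
    return [u for u in urls if rx.search(u)]


def compare(urls=SAMPLE_URLS):
    """Run every pattern over the sample set so the differences are visible."""
    return {
        "bad_regex": matches(BAD_REGEX, urls),
        "kb_regex_as_is": matches(KB_REGEX_AS_IS, urls),
        "utm_ip_regex": matches(UTM_IP_REGEX, urls),
        "utm_host_regex": matches(UTM_HOST_REGEX, urls),
    }


if __name__ == "__main__":
    for name, hits in compare().items():
        print(f"{name}:")
        for u in hits:
            print(f"  {u}")
```

Run as a script it shows the bad regex skipping the real 45.57.65.10 address while exempting my.company.com and example.org (the unanchored second branch fires on 125 and 127), the KB pattern matching nothing at all because the URL begins with the scheme, and the two UTM-format patterns hitting exactly the Netflix address and hostnames. Checking an exception list against a handful of traffic samples like this before deploying it is cheap, and it catches exactly the kind of over-wide bypass that turns a streaming exception into a general AV and URL-filter hole.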