Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 6 replies
  • Answers 2 answers
  • Subscribers 31 subscribers
  • Views 9706 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

EA Origin

Daan

Today I noticed after putting the Sophos XG in place, it's no longer possible to download games from EA Origin client.

I created a small test rule to allow the internal IP of this particular client to connect to the internet without any ristrictions, and this quickfixes the problem.

 

I did do a search for this particular issue, but I only find articles related to the old UTM.

Anybody else experienced this issue with a Sophos XG and has the working solution at hand?

 

Thanks



This thread was automatically locked due to age.
  • 0

    Which Policy did you use? 

    Can you show us the policy? Maybe HTTPs Scanning issued this. 

  • 0 in reply to LuCar Toni

    I have my standard lan to wan policy, but I never do any https scanning

     

    Scan HTTP

    Block Google QUIC

    Detect zero-days

    Scan FTP for malware

    Lan to wan intrusion prevention

    no traffic shaping

    default web policy

    application control allow all

  • 0 in reply to Daan

    It’s either the web proxy or IPS. My guess is the web proxy. I would try creating that test rule you had and start enabling things one by one, starting with the IPS. This will help isolate exactly what’s causing it. Some applications seem to just not work with web proxies, which unfortunately is used for most things in Sophos XG like web policies, application policies and HTTP scanning. You might just have to create an exception for the EA Origins application to bypass Malware & Content Scanning and Policy Checks under Web -> Exceptions.

  • +1

    I have the exact same issue on my setup. Was using UTM before, and have recently upgraded to XG Home. UTM had similar issues with it originally, so the fix is much the same, just implemented differently.

    Both IPS and the default web policy seem to pick it up on my firewall, if I disable both (in the default policy in the firewall) it works 100%, but disable one or the other and no go.

    I've fixed the web filter with an exception, still working on the IPS rules, don't really want to have to whitelist EA / Origin / Akamai servers, as they'll likely change and make me have to update them randomly.

     

    Here's a screenshot of my exceptions in the web filter, let me know if you find a way around the IPS policies (or if anyone has a correction to my addresses below):

  • 0

    I've managed to get it to work after analyzing the IPS Log Viewer page.

    In my case the IPS system blocks it by Signature ID 34061 (SERVER-IIS Microsoft IIS Range header integer overflow attempt).
    After adding that as an "Allowed" into the chosen IPS policy the download started working immediately. Not saying the rest is working, will check that tomorrow.

     

  • 0 in reply to TijsKeijsers

    I can confirm that both the IPS exception as well as the HTTPS Decrypt exceptions make Origin work and allow Game Downloads. However, Games themselves don't work if they need to connect to some game servers. Good example is the new game Anthem. 

    Has anyone here an updated list of required exceptions?

    Thanks