
Ecobee Thermostat incorrectly classified as TOR Proxy when connecting to servers

Posting this for anyone else that runs into this issue. I have an application filter set up that blocks all high-risk applications that can bypass the firewall. When installing my Ecobee 3 Lite thermostat, it would not connect to the Ecobee servers because Sophos XG was blocking TOR Proxy. I'm not exactly sure how the Ecobee device connects to its servers for updates, but this appears to be an incorrect classification.



This thread was automatically locked due to age.
  • I just noticed the past couple days the Application Filter blocking a connection from outside my network to my ecobee 3 lite which is being classified as "Ultrasurf Proxy". Here is the entire firewall log:

    2019-01-28 17:15:24 Application filter messageid="17051" log_type="Content Filtering" log_component="Application" log_subtype="Denied" fw_rule_id="7" user="" user_group="" appfilter_policy_id="9" category="Proxy and Tunnel" app_name="Ultrasurf Proxy" app_risk="5" app_technology="Client Server" app_category="Proxy and Tunnel" src_ip="216.220.61.236" src_country="CAN" dst_ip="172.16.16.22" dst_country="R1" protocol="TCP" src_port="8190" dst_port="58647" bytes_sent="0" bytes_received="0" status="Deny" message="" appresolvedby="Signature"

    I checked the IP address and confirmed it's an ecobee server. Email sent to ecobee asking what this connection is for.

  • Hello shred,

    The signature must have matched with the pattern the device generates. We would recommend opening a support case to get it corrected, and please check with the vendor why the communication was requested. To open a support investigation, please click here.

  • Just got a response from Ecobee support. They confirmed it's legitimate traffic from them, source IP 216.220.61.236 on port 8190. Again, this is being classified as "Ultrasurf Proxy" in the Sophos XG application filter along with "TOR Proxy".

    I can't open support investigations because I'm a Sophos XG Home user. When I tried, I was told the only place I can get support is these forums. I'm not looking for support, just looking to submit information to hopefully make Sophos XG better, but apparently the support team doesn't want it, so I figured I'd just post it here in case anyone runs into the issue.
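
For triaging denials like the one quoted in this thread, here is an added example (not from the original posts or from Sophos) that parses the key="value" log format shown above and counts "Proxy and Tunnel" denials per application, remote endpoint and internal device. The first sample line is the one from the thread; the other two are constructed, and the function names are assumptions.

```python
import re
from collections import Counter

PAIR = re.compile(r'(\w+)="([^"]*)"')  # key="value" fields
TIMESTAMP = re.compile(r'^\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})')

def parse_line(line):
    """Return the key/value fields of one log line, plus its timestamp."""
    fields = dict(PAIR.findall(line))
    m = TIMESTAMP.match(line)
    fields["timestamp"] = m.group(1) if m else None
    return fields

def denied_events(lines, category="Proxy and Tunnel"):
    """Yield application-filter denials in the given app category."""
    for line in lines:
        f = parse_line(line)
        if (f.get("log_component") == "Application"
                and f.get("log_subtype") == "Denied"
                and f.get("app_category") == category):
            yield f

def summarize(lines):
    """Count denials per (app_name, src_ip, src_port, dst_ip)."""
    counts = Counter()
    for f in denied_events(lines):
        key = (f.get("app_name"), f.get("src_ip"),
               f.get("src_port"), f.get("dst_ip"))
        counts[key] += 1
    return counts

SAMPLE = [
    # Log line quoted in the thread
    '2019-01-28 17:15:24 Application filter messageid="17051" log_type="Content Filtering" log_component="Application" log_subtype="Denied" fw_rule_id="7" user="" user_group="" appfilter_policy_id="9" category="Proxy and Tunnel" app_name="Ultrasurf Proxy" app_risk="5" app_technology="Client Server" app_category="Proxy and Tunnel" src_ip="216.220.61.236" src_country="CAN" dst_ip="172.16.16.22" dst_country="R1" protocol="TCP" src_port="8190" dst_port="58647" bytes_sent="0" bytes_received="0" status="Deny" message="" appresolvedby="Signature"',
    # Constructed: same remote endpoint, later time, different local port
    '2019-01-28 17:20:41 Application filter messageid="17051" log_component="Application" log_subtype="Denied" app_name="Ultrasurf Proxy" app_category="Proxy and Tunnel" src_ip="216.220.61.236" dst_ip="172.16.16.22" src_port="8190" dst_port="58702" status="Deny"',
    # Constructed: an allowed event that must not be counted
    '2019-01-28 17:21:02 Application filter log_component="Application" log_subtype="Allowed" app_name="DNS" app_category="Infrastructure" src_ip="172.16.16.22" dst_ip="192.0.2.53" src_port="40111" dst_port="53" status="Allow"',
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```

Repeated denials from a single remote IP and port to one internal device, as in the summary this produces, are the pattern to check against the vendor's published endpoints before adding a narrowly scoped exception.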