Thread Info
  • State Suggested Answer
  • +2 person also asked this people also asked this
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 31 subscribers
  • Views 3808 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Spotify not working when scan http is on

givemecontrol

So it seems since last week (perhaps when i last updated firmware on the firewall, we are running SFOS 17.5.5 MR-5 ) THICK client spotify requests are not going through. the web client works fine.

 

I have found a work around which was to turn off HTTP scanning on the firewall rule. 

 

So firstly, is this a known issue with this new firmware? secondly, i dont want to turn http scan off, so is there another work around? and thirdly, where is the log for http scanning? becuase i have looked through many of the logs  (firewall, ips, web content, etc) and cannot find any logs to do with this problem. I see some denied requests from the client to akamai, but i am not sure if that is spotify or not.  I have seen the related post about https scanning and spoitfy, where it suggests doing an exception, however i think spotify uses several domains.

https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/108889/spotify-and-decrypt-scan-https

 

anyways i am going to try that next, but its annoying to have to do this. i feel like its a bug.



This thread was automatically locked due to age.
Parents
  • +2

     

    creating a blanked spotify.com exception (under web) has fixed the problem. i would like a better solution though.

  • 0 in reply to givemecontrol

    Thanks for this. I also started seeing Spotify skipping songs with 'song not available' errors for the desktop client. I did a bit of debugging on the Spotify client and found that songs were being requested from an Akamai CDN using a HTTP range request and the XG is doing something strange or malforming the request when HTTP scanning is enabled. The client would end up throwing a HTTP 416 'Range Not Satisfiable' error followed by a HTTP 502 'Bad Gateway' causing the songs to skip. It would have been nice to see an entry in the Log Viewer that XG intervened, could have save me some headaches.

Reply
  • 0 in reply to givemecontrol

    Thanks for this. I also started seeing Spotify skipping songs with 'song not available' errors for the desktop client. I did a bit of debugging on the Spotify client and found that songs were being requested from an Akamai CDN using a HTTP range request and the XG is doing something strange or malforming the request when HTTP scanning is enabled. The client would end up throwing a HTTP 416 'Range Not Satisfiable' error followed by a HTTP 502 'Bad Gateway' causing the songs to skip. It would have been nice to see an entry in the Log Viewer that XG intervened, could have save me some headaches.

Children
  • 0 in reply to CyberA

    I would have to agree, the XG really needs to improve the log options, for example on the watchguards you can have different log levels for different components, this sort of behavior would be very useful as you can have more information provided to us the the users for troubleshooting.

    The other function that would be great would be a diagnostic troubleshooting mode where you can toggle for a brief time, verbose logging on all components so you can do you testing and then be able to access the logs in one nice package. These also become great for support because you could then upload the logs for analysis.

  • 0 in reply to CyberA

    Hi,

    do you have do not scan streaming enabled in WEB tab settings?

    Ian