
How to block Netflix over LTE-Backup-Interface

Hi there!

 

I have a Sophos XG at home with new software SFOS 18.0.1 MR-1-Build396.

I've set up a backup interface via LTE, which works well in itself. Since I only have a 3 GB quota there, I would of course like to prevent Netflix from being streamed over this line in the event of a failover. But somehow I can't manage to explicitly prohibit Netflix for my port 3.

How can I do that? Any ideas?



  • Hi!

     

    I tried with SD-WAN Policy-Based Routing, but this is also not working.

    I configured Streaming to be routed over my primary interface only; Backup is configured as "none".

     

    But Netflix is still possible, when deactivating my primary interface.

     

    I don't understand why.

     

  • Hello

    You will need to create a firewall rule,

    LAN to WAN, with web content and application filtering for Netflix,

    and then specify this to use the primary link only, not WAN load balance.

  • Hi Gavin,

     

    do you mean like this:

    I cannot test it right now, because I am at work.
    In the new software it's all a little bit different. I cannot choose the interface at the bottom of the rule anymore.

     

    Hm, thinking about this, this cannot be right. Like this I will block Netflix AND my Port3 (LTE-Backup), right? So, no traffic will be allowed via Port 3.

  • Hey.

     

    Am onsite at present, so can’t screenshot anything.

    You need to set up in the web filtering a group for Netflix, and also set up an app filter group for it.

    Then create a firewall rule which has these settings added.

    Further down on the page is the web content, app filter and traffic management rule.

     

    If you don’t have licences for these, you could try a destination rule with the Netflix address ranges and set one with primary WAN link only, and a second rule as a deny with backup link only.

  • Hi!

    I tried everything, but Netflix is always possible, no matter what I configure.

    I think in the new firmware 18.x.x it's all a little bit different than in 17.

     

    The main problem is to block Netflix via the backup interface, but of course allow it via the primary WAN interface.

    Of course, when I configure rules to block Netflix globally then it's working fine, but not when trying to configure it for the backup interface.

     

    Maybe you can send some pics. BUT, it should be version 18!

  • Hello  

    We've tried to reach this configuration without success.

    It should be possible with V18 (not V17) with SD-WAN routing policy based by application... But this feature is totally bloated and useless so it doesn't work!

    Most of the time, XG will consider the traffic as HTTPS (which is allowed) and not as a streaming application. And the traffic is classified one time at the session establishment so... it will remain as HTTPS traffic!