Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 28 replies
  • Answers 2 answers
  • Subscribers 30 subscribers
  • Views 8867 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG Firewall Apple TV+ Connection Issues

Casual_User

Ok, so I decided to give Apple TV+ a try.  I am aware of how finicky Apple products can be, but decided to give it a whirl anyway.  Perhaps I'm beating a dead horse on this.

The first issue was the XG blocking QUIC, once I allowed QUIC, streaming seemed to work fine.  Then things started going off the rails.  I now get intermittent issues where Apple Music and Apple TV+ cannot connect.  Apple TV+ provides the following message "Content Unavailable".  This occurs no matter if I use an iPad, iMac or Android box.

I use Android boxes with the Apple TV+ app installed.

Apple Music and Apple TV+ drop out every 15 or 20 minutes and they remain gone for several minutes before miraculously connecting.  During the Apple down time, the Apple TV+ connection tests pass connecting to the internet but fail with connection to Apple.  I can stream using Disney+ with full 4k HDR10 without a single hiccup at any time and no rule exemptions.  My Speedtest shows absolutely no issues with my fibre line.

I have tried a number of "troubleshooting" steps with disabling one thing or the other.  This became extremely time consuming since the XG takes a very long time to update a firewall rule.  To speed things up, I have created the following rule at the top of my rules list:

  • LAN to WAN
  • Allow any service
  • Allow any source
  • Allow any destination
  • Web Policy = "Allow All"
  • Malware scanning disabled
  • Use web proxy instead of DPI
  • App Control = "Allow All"
  • IPS = "None"

Believe it or not, with the above rule the Apple TV+ and Apple Music still refuse to connect.

At this stage I am at a complete loss as to how to troubleshoot this further.  I cannot see how the XG might be interfering with the connection.  

I should add that I am attempting to troubleshoot this from my iMac by testing the Apple TV+ app on it.

As I finish typing this post, Apple TV+ & Apple Music both came back online.



This thread was automatically locked due to age.
Parents
  • +1

    I have solved this issue.  It was not related to the XG, my computer or my ISP.  Oddly enough, it was Windows Update for a Windows 10 computer that I have which put me on the trail of the underlying issue.

    I use an iMac for my main computer.  I have a number of other devices including a Windows 11 machine and Windows 10.  I rarely use the Win10 computer as it is just a spare.  Recently I noticed that the Win10 machine could not connect to Windows Update while Win11 machine worked fine.  The Win10 machine had no issues with internet or network access.  The Windows troubleshooter on the Win10 machine indicated that it could not lookup an address in the format of xxx.catalog.xxx.microsoft.com.  While I could not lookup this address using nslookup other addresses resolved fine.  When I pointed nslookup directly to the outside DNS servers (forwarders) that I am using, it could resolve the address fine.  So that meant that there was an issue with my internal DNS server.  Clearing the DNS cache on my DNS server resolved the problem.  I am still trying to figure out the underlying issue.  I. don't understand why my DNS server couldn't resolve the address although it was using the same external reference DNS server that I used for the manual nslookup.  It is set to scavenge addresses after 7 days.  

    The obvious deduction was that if Windows update could not resolve some external IP addresses, then the same must be true for other domains including the ones needed for Apple TV+ to work.

    To summarize, the firewall rules etc posted here work with the requisite TLS/SSL exemptions.  I am using DPI instead of the proxy and things seem to work fine as long as you have the correct TLS/SSL exemptions.

    I wish Apple had a troubleshooter as it would have been much easier to resolve my issue if they did.  Thankfully, and strangely, the Microsoft troubleshooter for Windows 10 updates helped my solve my Apple TV+ connectivity issue on my iMac.

Reply
  • +1

    I have solved this issue.  It was not related to the XG, my computer or my ISP.  Oddly enough, it was Windows Update for a Windows 10 computer that I have which put me on the trail of the underlying issue.

    I use an iMac for my main computer.  I have a number of other devices including a Windows 11 machine and Windows 10.  I rarely use the Win10 computer as it is just a spare.  Recently I noticed that the Win10 machine could not connect to Windows Update while Win11 machine worked fine.  The Win10 machine had no issues with internet or network access.  The Windows troubleshooter on the Win10 machine indicated that it could not lookup an address in the format of xxx.catalog.xxx.microsoft.com.  While I could not lookup this address using nslookup other addresses resolved fine.  When I pointed nslookup directly to the outside DNS servers (forwarders) that I am using, it could resolve the address fine.  So that meant that there was an issue with my internal DNS server.  Clearing the DNS cache on my DNS server resolved the problem.  I am still trying to figure out the underlying issue.  I. don't understand why my DNS server couldn't resolve the address although it was using the same external reference DNS server that I used for the manual nslookup.  It is set to scavenge addresses after 7 days.  

    The obvious deduction was that if Windows update could not resolve some external IP addresses, then the same must be true for other domains including the ones needed for Apple TV+ to work.

    To summarize, the firewall rules etc posted here work with the requisite TLS/SSL exemptions.  I am using DPI instead of the proxy and things seem to work fine as long as you have the correct TLS/SSL exemptions.

    I wish Apple had a troubleshooter as it would have been much easier to resolve my issue if they did.  Thankfully, and strangely, the Microsoft troubleshooter for Windows 10 updates helped my solve my Apple TV+ connectivity issue on my iMac.

Children
No Data