Web content filtering breaks Hulu and Netflix.

Question

There are numerous posts with an identical issue. None have an actual solution, at least not one that Sophos has recommended. Seems like there should be a checkbox or an easy policy to allow this sort of traffic. The rules I've seen posted in here seem to be reporting mixed results. Sophos, please provide DETAILED instructions for allowing Hulu, Netflix, iTunes, Amazon, and any other mainstream streaming services through your HTTP, HTTPS, Malware, Web Content Filters. 
 
 Thank you!!!

JoeChurch · Accepted Answer

I'm running the XG in VMWare and was able to get Netflix working using a combination of tricks. One was to add URL exceptions to the web filter policy, and the other was to create device user groups and apply a separate policy to that group of devices with all filtering turned off. This fixed the issues for media devices, and the filter policy fixed it for mobile clients (like an iPhone). 
 I came from the UTM 9 home version, and it has been a bumpy ride converting everything. I spent weeks becoming familiar with the UTM (which I LOVED) but that 50 IP limit was killing me as I was always just over the threshold with a 5 person family (and I'm an IT engineer so I have lots of gadgets). Anyway, it is possible to get netflix working, but it would be nice if the interface made it easier to do so. I feel like I've had to hack a few things to get basic features to work. The UTM was a bit more intuitive once you got your bearings.

JohnnySlos · Answer

This list did the trick for me. 
 
 ^https?://([A-Za-z0-9.-]*\.)?ne?t?fli?x(img|ext|video)?\.(com|net)/ ^http?://[A-Za-z0-9.-]*netflix.com/ ^http?://[A-Za-z0-9.-]*nflximg.com/ ^https?://([A-Za-z0-9.-]*\.)?nflximg\.com\.?/ ^https?://([A-Za-z0-9.-]*\.)?nflxvideo\.net\.?/ ^https?://([A-Za-z0-9.-]*\.)?netflix\.com/ ^http?://([A-Za-z0-9.-]*\.)?netflix-*.vo.llnwd.net/.* ^https?://secure\.netflix\.com/* ^https?://uiboot\.netflix\.com/* ^http?://23.246.[0-63].* ^http?://37.77.1(8[4-9])|(9[0-1])].* ^http?://45.57.([0-1][0-1][0-9])|(12[0-7]).* ^http?://64.120.(12[8-9])|(1[3-9][0-9])|(2[0-4][0-9])|(25[0-5]).* ^http?://66.197.(12[8-9])|(1[3-9][0-9])|(2[0-4][0-9])|(25[0-5]).* ^http?://108.175.(3[2-5,8,9])|(4[0-4,6,7]).* ^http?://185.2.22[0-3].* ^http?://185.9.(188)|(19[0-1]).* ^http?://192.173.(6[4-9])|([7-9][0-9])|(10[0-9])|(11[0-7]).* ^http?://198.38.(9[6-9])|(10[2-3,8-9])|(11[0-9])|(12[0-5]).* ^http?://198.45.(4[8-9])|(5[2-8])|(6[1-3]).* 
 Ip-ranges might change over time. Check them at : 
 http://ipinfo.io/AS2906#blocks

lferrara · Answer

Anthony, 
 if you have a Policy where Web Filter is applied and HTTP and/or HTTPS scan is on, you have to edit the web filter and add exceptions in this way: 
 https://community.sophos.com/products/xg-firewall/f/129/p/75503/290316#290316 
 See the thread above. 
 If IPS is blocking that traffic, inside the Log Viewer you see the signature ID matched, so remove that one from your IPS policy. By default all onboard IPS cannot be customized.

Stephen Rothery · Answer

I got this working on Sophos XG with both the Netflix App on Android and in the browser with the following regex. It is basically using the same stuff that worked for Sophos UTM with the docco of Sophos XG here: https://community.sophos.com/kb/en-us/125061 
 Basically once the http and https bits are removed, the error about an invalid web address goes away and it works fine. 
 ^([A-Za-z0-9.-]*\.)?ne?t?fli?x(img|ext|video)?\.(com|net)/ ^[A-Za-z0-9.-]*netflix.com/ ^[A-Za-z0-9.-]*nflximg.com/ ^([A-Za-z0-9.-]*\.)?nflximg\.com\.?/ ^([A-Za-z0-9.-]*\.)?nflxvideo\.net\.?/ ^([A-Za-z0-9.-]*\.)?netflix\.com/ ^([A-Za-z0-9.-]*\.)?netflix-*.vo.llnwd.net/.* ^secure\.netflix\.com/* ^uiboot\.netflix\.com/* ^23.246.[0-63].* ^37.77.1(8[4-9])|(9[0-1])].* ^45.57.([0-1][0-1][0-9])|(12[0-7]).* ^64.120.(12[8-9])|(1[3-9][0-9])|(2[0-4][0-9])|(25[0-5]).* ^66.197.(12[8-9])|(1[3-9][0-9])|(2[0-4][0-9])|(25[0-5]).* ^108.175.(3[2-5,8,9])|(4[0-4,6,7]).* ^185.2.22[0-3].* ^185.9.(188)|(19[0-1]).* ^192.173.(6[4-9])|([7-9][0-9])|(10[0-9])|(11[0-7]).* ^198.38.(9[6-9])|(10[2-3,8-9])|(11[0-9])|(12[0-5]).* ^198.45.(4[8-9])|(5[2-8])|(6[1-3]).*