Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +3 person also asked this people also asked this
  • Locked Locked
  • Replies 19 replies
  • Answers 2 answers
  • Subscribers 32 subscribers
  • Views 48504 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Snapchat messaging not working with iPhone

IainH

Hi,

Quite new to Sophos XG - running latest 16.01.2 and all seems OK save for one thing.

Snapchat messaging on my daughters iPhone doesn't work. 

It works when using cellular data and it works when she attaches to other WiFi networks.

But not when she comes home and attaches to our WiFi which is behind the XG box.

There was a web and application policy on the rule blocking unwanted stuff but that has been removed. It's basically just a rule allowing anything from LAN -> WAN with the MASQ outbound NAT stuff set.

Malware scanning options are all unset. 

Has anyone else come across this? What can I check?

iain



This thread was automatically locked due to age.
Parents
  • 0

    Hi Iain,

    Check #1 in my guide here. If you see any drop reason then you know which configuration part to mangle.

    Thanks

  • 0 in reply to sachingurung

    Hi, thanks for for the followup.

    I ran the drop-packet utility against the IP address in question and it yielded nothing.

    No packets dropped.

    iain

  • 0 in reply to IainH

    I was new to Sophos last year. It has a little earning curve for sure compared to the others in the marked. I was big into Sonicwall, Watchguard, and PIX/ASA as well. Once you learn XG I think you will like it alot. Anyway back to your issue. The only other thing I see on your rule is IPS. Can you disable that and give it a try?

  • 0 in reply to IainH

    Hi Iain,

    If you do not capture anything in the drop logs than I suspect that the issue is caused due to XG.

    Thanks

  • 0 in reply to sachingurung

    Hi thanks.

    Yeah, the only thing is the Sophos. Like I say, the iPhone works fine when not behind this XG gateway.

    My sister has an iphone and will be visiting over the weekend. I'll have her try.

    cheers

    iain

  • 0 in reply to IainH

    I'm facing the same issue with Snapchat not working through the firewall.  Running Sophos XG firmware 16.01.2.  I was running firmware15.01.0 MR-3 and had the same issue, so I figured I would try 16 to see if the issue had been resolved.  

    I've tried everything mentioned in the post above, and even tried disabling all rules except one that allows anything with no scanning or inspection what-so-ever.  Snapchat messages fail to send from iPhones and I briefly get a red banner at the top of the app that says "No internet connection".  Yet every other app and web browsing seem to work just fine.  Running a drop-packet-capture for the traffic from my iPhone, I get the following:

     

    2016-12-30 10:58:26 0102021 IP 192.168.1.206.53469 > 216.58.194.78.443 : proto TCP: F 4010363220:4010363220(0) win 8190 checksum : 58539

    0x0000:  4500 0028 9a67 4000 4006 4369 c0a8 01ce  E..(.g@.@.Ci....

    0x0010:  d83a c24e d0dd 01bb ef09 4954 af75 93bd  .:.N......IT.u..

    0x0020:  5011 1ffe e4ab 0000                      P.......

    Date=2016-12-30 Time=10:58:26 log_id=0102021 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port1 out_dev= inzone_id=0 outzone_id=0 source_mac=18:f6:43:50:e6:80 dest_mac=00:0c:29:e9:a2:37 l3_protocol=IP source_ip=192.168.1.206 dest_ip=216.58.194.78 l4_protocol=TCP source_port=53469 dest_port=443 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=0 masterid=0 status=0 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

     

    The "log_component=Invalid_Traffic" seems to indicate that the firewall doesn't recognize the traffic and thus denies it. The dest_ip above is just one example of various that I see. 

    Has anyone been able to get this to work?

    Cheers,

    Peter

  • 0 in reply to Peter Tijerina

    Peter, that IP is a Google IP... so far as I know, Snapchat has nothing (yet!) to do with Google.

    When I ran the log-drop-packet thingy, I didn't see any drops.

    iain

  • 0 in reply to IainH

    Unknown said:

    Peter, that IP is a Google IP... so far as I know, Snapchat has nothing (yet!) to do with Google.

    would not be so sure -> https://www.capitalg.com/companies/ - google´s parent alphabet has invested in snapchat

  • +3 in reply to IainH

    Iain,

    My apologies for not checking back on this. I had some time to investigate and I can replicate the issue when pharming protection is enabled under Web Protection. Can you see if yours is enabled and if so disable it and give that a shot?

  • 0 in reply to MichaelBolton

    FANTASTIC! Yes, that worked! I have a happy teenager again!

     

    Begs a couple of questions:

    How come Sophos wasn't recording anything pertaining to this in the logs and

    What is the Apple version doing that the Android version doesn't do?

     

    Anyway -- it's working now.

    Thanks again!

    iain

Reply
  • 0 in reply to MichaelBolton

    FANTASTIC! Yes, that worked! I have a happy teenager again!

     

    Begs a couple of questions:

    How come Sophos wasn't recording anything pertaining to this in the logs and

    What is the Apple version doing that the Android version doesn't do?

     

    Anyway -- it's working now.

    Thanks again!

    iain

Children
No Data