Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 37 replies
  • Answers 1 answer
  • Subscribers 38 subscribers
  • Views 134973 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG Firewall and Netflix

Daniel Bingham

I have recently changed my home network from a SG VM to XG VM running on ESXi

 

I am getting errors when running Netflix via Apple TV

 

To try get around this, I created a new firewall policy as follows:

  • Rule Name: Bypass Web
  • Source Zones: LAN
  • Source Networks and Devices: Bypass MAC's (with a MAC List with my ATV's in there)
  • Destination Zones: WAN
  • Destination Network: Any
  • Services: Any
  • Match known users: Unchecked
  • All Malware Scanning: Unchecked
  • Advanced:
    • Intrusion Prevention: None
    • Traffic Shaping Policy: None
    • Web Policy: None
    • Application Control: None
    • Apply Web Category based Traffic Shaping Policy: Unchecked
    • Apply Application based Traffic Shaping Policy: Unchecked
    • Rewrite source address (Masquerading): Checked

Even in the firewall log I get all green:

 

What am I doing wrong?

 

Thanks



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to Bill Roland

    I am doing the exact thing but with MAC exception, that way I don't have to reserve the device's IP (not like that is such an issue). I doubt excepting the IP would make a difference since I am just "skinning the cat" in a different way via MAC exception vs. IP exception...

     

    I am thankful that I still have my SG VM as the XG is far from replacing it at present.

  • 0 in reply to Bill Roland

    Hi Bill, 

    You may need to add the following regex in exceptions 

    You should now be able to watch Netflix without any streaming issues.

    Regex list

    • ^([A-Za-z0-9.-]*\.)?ne?t?fli?x(img|ext|video)?\.(com|net)/
    • ^23\.246\.([0-9]|[1-5][0-9]|6[0-3])\.[0-9]
    • ^37\.77\.(1(8[4-9]|9[0-1]))\.[0-9]
    • ^45\.57\.([0-9]|[1-9][0-9]|1([0-1][0-9]|2[0-7]))\.[0-9]
    • ^64\.120\.(1(2[8-9]|[3-9][0-9])|2([0-4][0-9]|5[0-5]))\.[0-9]
    • ^66\.197\.(1(2[8-9]|[3-9][0-9])|2([0-4][0-9]|5[0-5]))\.[0-9]
    • ^192\.173\.(6[4-9]|[7-9][0-9]|1([0-1][0-9]|2[0-7]))\.[0-9]
    • ^69\.53\.(2(2[4-9]|[3-4][0-9]|5[0-5]))\.[0-9]
    • ^108\.175\.(3[2-9]|4[0-7])\.[0-9]
    • ^185\.2\.(2(2[0-3]))\.[0-9]
    • ^185\.9\.(1(8[8-9]|9[0-1]))\.[0-9]
    • ^198\.38\.(9[6-9]|1([0-1][0-9]|2[0-7]))\.[0-9]
    • ^198\.45\.(4[8-9]|5[0-9]|6[0-3])\.[0-9]
    • ^208\.75\.(7[6-9])\.[0-9]

    For more information please refer the KB article. https://sophos.com/kb/125061 

  • 0 in reply to Aditya Patel

    Hi Aditya, that was the first thing I tried, but it did not work for me. 

  • 0 in reply to Aditya Patel

    Hi Aditya, I am the same as Bill, I did exactly that plus more with the Regex's still no good. I am in Australia so I am unsure if Netflix uses different IP's globally and if they do, I have no idea what they are.

     

    Also, I would have thought as per my config, since I am not having the firewall entry do any form of scanning, filtering would not be playing a part at all.