
XG Firewall and Netflix

I have recently changed my home network from a SG VM to XG VM running on ESXi


I am getting errors when running Netflix via Apple TV


To try get around this, I created a new firewall policy as follows:

  • Rule Name: Bypass Web
  • Source Zones: LAN
  • Source Networks and Devices: Bypass MAC's (with a MAC List with my ATV's in there)
  • Destination Zones: WAN
  • Destination Network: Any
  • Services: Any
  • Match known users: Unchecked
  • All Malware Scanning: Unchecked
  • Advanced:
    • Intrusion Prevention: None
    • Traffic Shaping Policy: None
    • Web Policy: None
    • Application Control: None
    • Apply Web Category based Traffic Shaping Policy: Unchecked
    • Apply Application based Traffic Shaping Policy: Unchecked
    • Rewrite source address (Masquerading): Checked

Even in the firewall log I get all green:


What am I doing wrong?


Thanks

  • Is it possible that Apple TV "gets" Netflix content differently than say a PC or a Roku or whatever?  After doing all of this I can't get my Apple TV to play Netflix content; only after I add the IP of the Apple TV to a Web Exception for HTTPS/Malware/Policy checks does it work. 


    It is frustrating because looking at the live logs I never see anything from the Apple TV being blocked, and yet it clearly does not work.  Hopefully with v17 finding these kinds of things will be much simpler owing to the improved logging we're being promised.

  • I already know that mobile devices and desktop browsers get the content differently.  It is quite possible that Apple TV does something else.

    I don't think v17 logging will help.

    Lower level debugging is required.  Which of course I can do (it's my job) but I'm treading on thin ground with helping publicly.  Even then, it will at best show you additional destinations for the exceptions.

    However I can point at the following KB.  https://community.sophos.com/kb/en-us/123185

  • Hi all,

    I started with the KB article https://community.sophos.com/kb/en-us/125061 and updated some patterns.

    These are the https + AV exception pattern I'm using right now. It works with the iOS app, but I don't know if the Apple TV app is the same.

    ^23\.246\.([0-9]|[1-5][0-9]|6[0-3])\.[0-9]
    ^185\.2\.(2(2[0-3]))\.[0-9]
    ^192\.173\.(6[4-9]|[7-9][0-9]|1([0-1][0-9]|2[0-7]))\.[0-9]
    ^108\.175\.(3[2-9]|4[0-7])\.[0-9]
    ^69\.53\.(2(2[4-9]|[3-4][0-9]|5[0-5]))\.[0-9]
    ^66\.197\.(1(2[8-9]|[3-9][0-9])|2([0-4][0-9]|5[0-5]))\.[0-9]
    ^198\.45\.(4[8-9]|5[0-9]|6[0-3])\.[0-9]
    ^208\.75\.(7[6-9])\.[0-9]
    ^64\.120\.(1(2[8-9]|[3-9][0-9])|2([0-4][0-9]|5[0-5]))\.[0-9]
    ^185\.9\.(1(8[8-9]|9[0-1]))\.[0-9]
    ^([A-Za-z0-9.-]*\.)?ne?t?fli?x(img|ext|video)?\.(com|net)/
    ^198\.38\.(9[6-9]|1([0-1][0-9]|2[0-7]))\.[0-9]
    ^45\.57\.([0-9]|[1-9][0-9]|1([0-1][0-9]|2[0-7]))\.[0-9]
    ^37\.77\.(1(8[4-9]|9[0-1]))\.[0-9]

    Additionally I'm running the web AV in scan mode "real-time". This might be an important difference if there are some URLs which are not covered by the patterns.

    Best Regards

    Dom Nik

  • *sigh*

    A few months ago I cleaned up the list of items in the KB article.  It appears someone has reverted the list.  We are changing it back and seeing if we can lock it.

    In the meantime, can you please try with the following.  I know this was confirmed working by other customers a few months ago.

    The list you are using now is one that was community developed as a shotgun approach using a bit of guesswork to get everything Netflix.

    The list below is created by Sophos development to focus on the specific problems that Netflix presents.  It is the list that we want to use going forward, and if anyone has problems with this list I want to know so that I can explore the issues.


    ^([A-Za-z0-9.-]*\.)?ne?t?fli?x(img|ext|video)?\.(com|net)/

    ^23\.246\.([0-9]|[1-5][0-9]|6[0-3])\.[0-9]

    ^37\.77\.(1(8[4-9]|9[0-1]))\.[0-9]

    ^45\.57\.([0-9]|[1-9][0-9]|1([0-1][0-9]|2[0-7]))\.[0-9]

    ^64\.120\.(1(2[8-9]|[3-9][0-9])|2([0-4][0-9]|5[0-5]))\.[0-9]

    ^66\.197\.(1(2[8-9]|[3-9][0-9])|2([0-4][0-9]|5[0-5]))\.[0-9]

    ^192\.173\.(6[4-9]|[7-9][0-9]|1([0-1][0-9]|2[0-7]))\.[0-9]

    ^69\.53\.(2(2[4-9]|[3-4][0-9]|5[0-5]))\.[0-9]

    ^108\.175\.(3[2-9]|4[0-7])\.[0-9]

    ^185\.2\.(2(2[0-3]))\.[0-9]

    ^185\.9\.(1(8[8-9]|9[0-1]))\.[0-9]

    ^198\.38\.(9[6-9]|1([0-1][0-9]|2[0-7]))\.[0-9]

    ^198\.45\.(4[8-9]|5[0-9]|6[0-3])\.[0-9]

    ^208\.75\.(7[6-9])\.[0-9]
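Both exception lists in this thread (Dom Nik's and the Sophos development list above) are regular expressions, and it is easy to add one to XG without knowing exactly which address space it exempts from HTTPS decryption and malware scanning. The script below is an added example written for this thread, not code from Sophos or the KB article; it loads the Sophos list verbatim, brute-forces every third-octet value each IP pattern admits, and collapses the result into CIDR blocks so the exemption can be compared against the ranges you intended. It assumes (an assumption, not something the thread confirms) that XG tests these patterns against the URL with its scheme removed, i.e. host followed by path, which is why the patterns start with `^` and the hostname pattern ends in `/`; it also uses Python's `re` module as a stand-in for XG's own matcher. The sample URLs in the `__main__` block are constructed.

```python
import ipaddress
import re

# The web-exception patterns posted by Sophos support in the thread above, copied verbatim.
NETFLIX_EXCEPTION_PATTERNS = [
    r"^([A-Za-z0-9.-]*\.)?ne?t?fli?x(img|ext|video)?\.(com|net)/",
    r"^23\.246\.([0-9]|[1-5][0-9]|6[0-3])\.[0-9]",
    r"^37\.77\.(1(8[4-9]|9[0-1]))\.[0-9]",
    r"^45\.57\.([0-9]|[1-9][0-9]|1([0-1][0-9]|2[0-7]))\.[0-9]",
    r"^64\.120\.(1(2[8-9]|[3-9][0-9])|2([0-4][0-9]|5[0-5]))\.[0-9]",
    r"^66\.197\.(1(2[8-9]|[3-9][0-9])|2([0-4][0-9]|5[0-5]))\.[0-9]",
    r"^192\.173\.(6[4-9]|[7-9][0-9]|1([0-1][0-9]|2[0-7]))\.[0-9]",
    r"^69\.53\.(2(2[4-9]|[3-4][0-9]|5[0-5]))\.[0-9]",
    r"^108\.175\.(3[2-9]|4[0-7])\.[0-9]",
    r"^185\.2\.(2(2[0-3]))\.[0-9]",
    r"^185\.9\.(1(8[8-9]|9[0-1]))\.[0-9]",
    r"^198\.38\.(9[6-9]|1([0-1][0-9]|2[0-7]))\.[0-9]",
    r"^198\.45\.(4[8-9]|5[0-9]|6[0-3])\.[0-9]",
    r"^208\.75\.(7[6-9])\.[0-9]",
]

_COMPILED = [re.compile(p) for p in NETFLIX_EXCEPTION_PATTERNS]

# Pulls the two fixed leading octets out of an IP-style pattern such as ^23\.246\.(...)
# (the pattern text itself is being parsed here, hence the escaped backslashes).
_LEADING_OCTETS = re.compile(r"^\^(\d{1,3})\\\.(\d{1,3})\\\.")


def matches_exception(url_without_scheme: str) -> bool:
    """True if any pattern fires on a host/path string (the assumed match target)."""
    return any(p.match(url_without_scheme) for p in _COMPILED)


def third_octets_matched(pattern: str):
    """Set of third-octet values an IP pattern admits, found by exhaustive trial.

    Returns None for the hostname pattern. The fourth octet is fixed at 0 because
    every pattern ends in an unanchored \\.[0-9], so it never constrains the match.
    """
    m = _LEADING_OCTETS.match(pattern)
    if m is None:
        return None
    a, b = m.group(1), m.group(2)
    compiled = re.compile(pattern)
    return {x for x in range(256) if compiled.match(f"{a}.{b}.{x}.0")}


def networks_for_pattern(pattern: str):
    """Collapse the admitted third octets into CIDR blocks, returned as strings."""
    m = _LEADING_OCTETS.match(pattern)
    octets = third_octets_matched(pattern)
    if not octets:
        return []
    a, b = m.group(1), m.group(2)
    nets = []
    ordered = sorted(octets)
    run_start = prev = ordered[0]
    # Walk contiguous runs of third-octet values and summarize each run separately,
    # so a pattern that accidentally admits two disjoint ranges shows up as two blocks.
    for x in ordered[1:] + [None]:
        if x is not None and x == prev + 1:
            prev = x
            continue
        first = ipaddress.IPv4Address(f"{a}.{b}.{run_start}.0")
        last = ipaddress.IPv4Address(f"{a}.{b}.{prev}.255")
        nets.extend(str(n) for n in ipaddress.summarize_address_range(first, last))
        if x is not None:
            run_start = prev = x
    return nets


def coverage_report() -> dict:
    """Map every IP pattern in the list to the CIDR blocks it exempts."""
    return {p: networks_for_pattern(p)
            for p in NETFLIX_EXCEPTION_PATTERNS if _LEADING_OCTETS.match(p)}


if __name__ == "__main__":
    for pat, nets in coverage_report().items():
        print(f"{pat:62} -> {', '.join(nets)}")
    # Constructed sample targets: two that should be exempted, two that should not.
    for sample in ["www.netflix.com/", "cdn.nflxvideo.net/",
                   "notnetflix.com/", "23.246.64.1"]:
        print(f"{sample:24} exempted={matches_exception(sample)}")
```

Running it prints one CIDR block per IP pattern (for instance the first pattern resolves to 23.246.0.0/18), which is the list you would hand to whoever owns the exception to confirm it covers only the intended space. The hostname pattern is tighter than it looks: the optional letters let it accept spellings such as `nflx` and `nflxvideo`, but the mandatory `\.(com|net)/` directly after the name means a constructed look-alike such as `notnetflix.com/` is not exempted. Treat the Python result as a first check only and confirm on the appliance itself, since XG's regex dialect may differ from Python's.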

  • I get Netflix without problems on PC's, Chromecasts and phones via my XG firewall but I have an LG 60" TV which seems to be able to move through the menus just fine but then freezes at 25% when actually loading a show. It and most other streaming devices are setup as clientless users in the firewall with very little in the way of blocking applied.

    Is there any chance that this behaviour is caused by the firewall because it seems (maybe) to have been happening for about the time that the firewall has been in service.

  • Almost all of the problems that I have heard about with Netflix (etc) are not in the menus.  It is only with playing the actual streams.  In addition, from what I've heard it is usually all-or-nothing.  If one video does not play, none of them do and vice versa.

    Can you confirm that after creating the exceptions that I listed above, your LG TV still cannot play videos?

  • Our Roku won't play Netflix, gets stopped during a certain percentage of loading.  Netflix works on PCs.  I didn't make the connection to the Sophos being the problem for the longest time, because the Roku hadn't been used for Netflix for awhile after I installed the XG.  It wasn't like installed XG and immediately Netflix broke.  I'm trying to wade through these changes, but am thoroughly disgusted that once again I have to spend quite an amount of time getting around a problem other firewalls don't have. 

  • I added the REGEX list as exceptions and Netflix still stops at 25%. If I create a firewall rule which just lets all traffic through to the LG TV (and other devices with the same issue) then everything works fine. As soon as I add any sort of web policy, intrusion prevention or malware scanning then it stops Netflix at 25%.

  • Thanks for letting me know, Dean.

    To confirm - the video plays but all videos (regardless of length) stop playing at 25%?

    What device is playing the video?

    Do you mind working with me in PM to get some logs from the machine so I can debug further?

  • We replaced our CheckPoint with a Sophos XG 125W (very nice btw), but can't get Netflix to stream on our LG 60" that's in the office.  Netflix streams fine on the PCs and Tablets, just not the LG.  The LG streams Amazon Prime and YouTube with zero issues, but won't load anything Netflix.  Using the latest firmware and have tried the workarounds in this forum but no luck - added clientless user for LG TV to exempt from policies, no go, etc.

    Any suggestions to get the LG TV streaming Netflix?  Its IP is 172.16.16.21

  • LG message from Netflix is "We're having trouble playing this title right now. Please try again later or select a different title." tvqpm100(3.2.416)

  • Yep, struggled with that problem for a long time.  It cleared up the moment that XG was replaced.  Another huge time suck and PITA courtesy of XG.

  • cmcysa said:

    Any suggestions to get the LG TV streaming Netflix?  Its IP is 172.16.16.21


    Have you tried the steps in

    https://community.sophos.com/kb/en-us/125061

  • I was wondering if this worked, I have the same error on the Samsung only on certain shows; the content looks SD as if the connection is slow. I have 400mb down and 40 up so I know my connection is good.  I have removed the apps from smart hub, updated smart hub reinstalled the apps, etc...  I cannot find anything more to do from Samsung, I have not tried putting the TV on the outside of the FW, 17.1.3 MR-3...but that kinda defeats the purpose.  The firewall rule in the KB is configured with ID1, like I said some content plays others do not.

    Netflix works on the shield in the living room and master with every show, I really have a hard time believing it is the FW but I am out of options, except purchase shields for every room...  and I am leaning that way!!

    Thought I would ask before purchasing more shields?

    Any suggestions..

    I was thinking of a TV network on a physical NIC and having very little rules on that net which would be completely closed off from my LAN net.

    Thanks