BUG: XG Firewall and Blizzard battle.net software

Hi everyone,

I am currently running a Sophos UTM (home license) as a transparent bridge between my computer and the router at home. Sometimes, I like to play Blizzard games on my computer, which requires the battle.net software to be running. In my UTM I have configured an "allow all" rule with activated IDS and HTTP web filtering.

The strange thing is that the battle.net client software is not able to download updates once the firewall rule has HTTP filtering activated - if it is de-activated, it works perfectly. What's even stranger is that if HTTP filtering is active and I try to download updates, the router goes into gridlock with max down- and upload...though no client is causing any traffic.

Older threads in this forum have reported similar issues, however, while not being able to play games is not that serious an issue, the underlying causes make me wonder...

Does anyone know how to fix this?
  • I was just having the same problem.  Disabling HTTP scanning on my LAN to WAN policy temporarily fixed it, but that's not a long term solution.  I found some older posts about how to bypass HTTP filtering.  I just added the following rule with all bypass options checked.  

    I uninstalled the Battle.net app (just for you, I might add) and it successfully re-installed.  If I were to take the bypass rule out, it would hang at 50% or just give an error - so it looks to be working to me.

    Go to Web -> Exceptions -> Add Exception

    I tested this morning, and I had to add one more line to the above rule.  All is working great now.

    ^([A-Za-z0-9.-]*\.)?akamaihd\.net/

  • Hi,

    I'm a newbie here, and my English is not the best.

    I have already tried everything I could find on the internet, but nothing has helped me solve my problem.

    I have a Sophos XG (SFOS 16.05.7 MR-7) firewall running and I have a problem with the login in my Blizzard App.

    So login is not possible.

    I also already set the following under Web -> Exceptions:

    So what am I doing wrong? What should I set, and where?

    Many thanks,

    Sasa

  • Hi Sasa,

    Please provide the rule in detail and also extracts from your logs showing which URLs are being dropped.

    Ian

  • Hi,


    I try it.

    I created a service group.

    Then I created the services (putting in all the ports provided by Blizzard):

    And after that I created a firewall rule like this:


    So that's all. I also took a look at the logs, but I didn't see that anything is dropped. That's really strange.

    Thanks and best regards,

    Sasa

  • Hi Sasa,

    Why bridge mode? What does your router offer you that your XG doesn't? The router will be NATing your traffic, so your services will not be correct with a 1:1 for ports.

    You also have a masq rule, so again the services will not be a 1:1. You have many duplicated services; you only need one service with the ports, because the services are used in the same firewall rule.

    I assume your rule is at the top of the firewall rule list?

    You will need to disable HTTP scanning, otherwise your game will not flow, and in theory you trust Battle.net?

    The more likely issue is that the battle net servers respond on a port or IP address that is not considered part of the original connection and as a result will fail at the firewall.

    Ian

    Further, you will need an exception firewall rule, because some of the applications are controlled by the web proxy and others are not.

  • Hi Ian,


    Sorry for the delay. As I already said, I'm a newbie in the field of firewalls.

    What do you mean by bridged mode? How can I change that, and where?

    Do you maybe have the steps that I should follow, especially at which positions I should set these things?

    I think a short example will help me.

    Many thanks and best regards,

    Sasa