Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 9 replies
  • Subscribers 7 subscribers
  • Views 25954 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Netflix, what fix?

AndrewSalm

Hello all...

I'd like to start by saying that I know that this question has been asked time, and time again. I have searched the forum at length and attempted many of the suggested solutions to the problem.  The problem being:

Why, oh why, can I not get Netflix to work on my Roku 3 behind the UTM?  
(Edit: Slacker Radio is another more popular service that also no longer works now.)

In fact, most streaming apps on the Roku ar no longer able to retrieve content. 

I have tried adding the devices to the skip list - fail

I have tried adding regex to the exceptions list - fail (Most solutions offered were variations of regex forms)

I have disabled WebFilter, IPS, ATD, and created the ANY>ALL>ANY firewall rule t open it wide up. No dice. 


I am hoping that there is someone here that has an answer to this question. I had found a post of about a week ago or so that claimed to have resolved the issue, alas to no avail. 

Some minimal logging I am able to get:

2016:03:08-18:04:08 sophos httpproxy[5491]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="POST" srcip="10.10.3.2" dstip="50.16.209.170" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaLanNetwo (Roku)" filteraction="REF_HttCffRoku (Roku)" size="5939" request="0xe0c9fe00" url="appboot.netflix.com/.../RKU-42XXX-" referer="localcontrol.netflix.com/.../boot.js" error="" authtime="0" dnstime="30028" cattime="0" avscantime="0" fullreqtime="585294" device="0" auth="0" ua="Gibbon/2015.1.1/2015.1.1: Netflix/2015.1.1 (DEVTYPE=RKU-42XXX-; CERTVER=0)" exceptions="av,auth,content,url,ssl,certcheck,certdate,cache,fileextension,patience" content-type="text/plain"

2016:03:08-18:04:10 sophos httpproxy[5491]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.10.3.2" dstip="165.254.34.218" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaLanNetwo (Roku)" filteraction="REF_HttCffRoku (Roku)" size="17559" request="0xdfea5600" url="cdn-0.nflximg.com/.../netflixSound.ogg" referer="secure.netflix.com/.../darwin.js error="" authtime="0" dnstime="30132" cattime="0" avscantime="0" fullreqtime="77311" device="0" auth="0" ua="Gibbon/2015.1.1/2015.1.1: Netflix/2015.1.1 (DEVTYPE=RKU-42XXX-; CERTVER=0)" exceptions="av,auth,content,url,ssl,certcheck,certdate,cache,fileextension,patience" content-type="application/ogg"
2016:03:08-18:04:10 sophos httpproxy[5491]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.10.3.2" dstip="165.254.34.218" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaLanNetwo (Roku)" filteraction="REF_HttCffRoku (Roku)" size="11316" request="0xe0ca1000" url="cdn-0.nflximg.com/.../tone_22khz.ogg" referer="secure.netflix.com/.../darwin.js error="" authtime="0" dnstime="30184" cattime="0" avscantime="0" fullreqtime="87098" device="0" auth="0" ua="Gibbon/2015.1.1/2015.1.1: Netflix/2015.1.1 (DEVTYPE=RKU-42XXX-; CERTVER=0)" exceptions="av,auth,content,url,ssl,certcheck,certdate,cache,fileextension,patience" content-type="application/ogg"
2016:03:08-18:04:40 sophos httpproxy[5491]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.10.3.2" dstip="50.16.209.170" user="" group="" ad_domain="" statuscode="400" cached="0" profile="REF_HttProContaLanNetwo (Roku)" filteraction="REF_HttCffRoku (Roku)" size="313" request="0xdfe88a00" url="appboot.netflix.com/.../" referer="localcontrol.netflix.com/.../error.js error="" authtime="0" dnstime="61" cattime="0" avscantime="0" fullreqtime="43885" device="0" auth="0" ua="Gibbon/2015.1.1/2015.1.1: Netflix/2015.1.1 (DEVTYPE=RKU-42XXX-; CERTVER=0)" exceptions="av,auth,content,url,ssl,certcheck,certdate,cache,fileextension,patience" content-type="application/xml"
2016:03:08-18:04:50 sophos httpproxy[5491]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="10.10.3.2" dstip="173.194.123.115" user="" group="" ad_domain="" statuscode="302" cached="0" profile="REF_HttProContaLanNetwo (Roku)" filteraction="REF_HttCffRoku (Roku)" size="258" request="0xe0c23200" url="http://www.google.com/" referer="localcontrol.netflix.com/.../error.js error="" authtime="0" dnstime="15082" cattime="108" avscantime="0" fullreqtime="74729" device="0" auth="0" ua="Gibbon/2015.1.1/2015.1.1: Netflix/2015.1.1 (DEVTYPE=RKU-42XXX-; CERTVER=0)" exceptions="" category="145" reputation="neutral" categoryname="Search Engines" content-type="text/html" application="google" app-id="182"


This thread was automatically locked due to age.
Parents
  • 0

    Hi, Andrew, and welcome to the UTM Community!

    If the Roku had been successfully added to the Skiplist, no such lines would appear in the log. That fact and your other comments  indicate that you might benefit from reviewing .

    Cheers - Bob

  • 0 in reply to BAlfson

    Hi Bob,

    Thank you for your response. I have seen that potential solution and have attempted to implement it. However, when I add my Rokus to the Skiplist it still will not allow netflix, slacker, and other online streaming services. Youtube works fine... 

    I am at a loss and have put in a separate router for the Roku network. My problem now, I cannot grant the router network access to the internet through the Sophos. My Lan is on 10.10.1.0. I added an IF for the router on 192.168.1.0 which in turn issues DHCP on its WiFi on 10.10.2.0 

    I am unable to get internet through the wifi either. And I do realize that this will present the same networking issue to begin with, but this is ultimately how I want my network set up.

    My Interfaces:

    eth1 = WiFi    192.168.1.99/24 - Router in this IF issues 10.10.2.X/24
    eth4 = WAN  192.168.2.1 (Bell router - No BridgeMode availble)
    eth5 = LAN   10.10.1.0/24

  • 0 in reply to AndrewSalm

    "However, when I add my Rokus to the Skiplist it still will not allow netflix, slacker, and other online streaming services." - Did you follow #2 in Rulz?

    Cheers - Bob

  • 0 in reply to BAlfson

    I will try again.

    Right now I need to resolve my wifi not having LAN or WAN connectivity. 

  • 0 in reply to BAlfson

    Hi Bob,

    I started from scratch and reconfigured sophos with defaults as much as possible. One thing I noticed is tat I was not able to setup the WAN configuration in the setup wizard. No interfaces displayed for me (I have 5) so I had to manually do this after. Not sure if there any any automatic rules created in the wizard that I might be missing in the manual config. 

    I followed the Rulz #2... which in essence is not an issue right now as I am having a different problem altogether. I would like to describe it but feel I need to post this in a different category? It's a networking issue between ports on my firewall, and a router I am  using as a WiFi AP. On my WiFi network I have no access to the LAN and Internet... 

Reply
  • 0 in reply to BAlfson

    Hi Bob,

    I started from scratch and reconfigured sophos with defaults as much as possible. One thing I noticed is tat I was not able to setup the WAN configuration in the setup wizard. No interfaces displayed for me (I have 5) so I had to manually do this after. Not sure if there any any automatic rules created in the wizard that I might be missing in the manual config. 

    I followed the Rulz #2... which in essence is not an issue right now as I am having a different problem altogether. I would like to describe it but feel I need to post this in a different category? It's a networking issue between ports on my firewall, and a router I am  using as a WiFi AP. On my WiFi network I have no access to the LAN and Internet... 

Children
  • 0 in reply to AndrewSalm

    Once you add the devices to the skip list, you then need to make sure you have firewall rules and NAT rules set up to allow them to talk out.

  • 0 in reply to darrellr

    Darrellr

    I'm up and running, and working just fine now. Not entirely certain as to what the issue was that prevented me from using the skiplist, however after a fresh UTM install and slight modification to my network config, Netflix and Slacker amongst others are running smoothly. 

  • 0 in reply to darrellr

    Hello,

     

    I believe I have the same issue. 

    By any chance could you provide in generic formatting that you have set for the rules, and NAT, so that I and maybe other future people can look at them and be able to set them up for their devices on their UTM?

    I need to download, print out the Manual for the UTM 9.5 and find the section on the skip list.  Been away from UTM for almost a year and very rusty. Been using it from UTM/Astaro 7.3 through 9.3.

    chad

  • 0 in reply to cmp828

    Hello,

     

    I just reloaded the system clean, got everything working with most simple configs. So if needed, make copies of your backup config files / e-mail / download your config to keep.

    In another posting I added what I used as my most basic config to just get up and going, with streaming working. Then lock it down from there.

    Also on a side note, I have a Samsung bluray player that will stream Netflix and a few others, But it fails to stream because it can't update the time. You can not set the Samsung as to what time server it uses, Why the player has to sync with network time to begin with is a little odd to me, but assume the streaming service wants your time close it theirs. Anyway, my older DVD player streams Netflix just fine.  So if you have a Samsung BluRay player and it fails to stream any video content and the player gives you a message updating time, not sure what to do for it.  Try streaming from the computer and see if through the web page of Netflix you can stream and watch movies. I run Ubuntu Linux and have no issues streaming Netflix.   So if you are using some device other than a computer with web page access to the streaming service, try to see if it works from a computer via the web page, and then try trouble shooting from there.

    Just a thought.

    Chad