Netflix - I'm really stumped

Question

After months of troubleshooting, we have finally traced all our Netflix problems to the Sophos UTM firewall.

We have a Samsung Smart TV. We stream Netflix to it.  We have run the whole house through Sophos UTM for the whole time, nearly 2 years.  It has been 100% rock solid until December 2014. Suddenly Netflix started throwing an error "tvp-811 we’re having trouble playing this title right now."

We tried everything.  I spent over 15 hours on the phone both with Samsung and Netflix engineers.  We reflashed the firmware on the tv, reinstalled the netflix app, changed it to another country, in short, we did EVERYTHING.  Nothing got rid of the error.  Samsung and Netflix support gave up.

In desperation, I rigged a cable down to the TV and bypassed the Sophos firewall.  Amazingly, the error went away.  I could stream a video for over 30 minutes with no error.  I reconnected Sophos back and the error immediately returned.

Then I started disabling options in Sophos.  I turned off QOS, Application Control, Advanced threat protection, everything I could find.  In each case, the netflix stream continued to die in 2 - 7 minutes.

I have spent months on this issue.  I am out of ideas. Again, Netflix worked before for years, until an update (I don't know exactly which one) from Sophos.  Now it is unusable.  We are currently on 9.305-4.

I have no rules blocking the TV.  It is pass-through, wide open, no blocking of any kind.

Another thing.  This only affects Netflix.  Everything else works, like YouTube, Amazon streaming, etc.  If I bypass Sophos, everything is good again.

This thread was automatically locked due to age.

PlatosGimp · Answer

Hello. I will do my best to try and answer TJSoftworks question here (since I am the Sophos Engineer he spoke to this morning). "What I'm really as interested in is more than just A workable answer .... more a workable pattern for Netflix that can be adopted by 100's perhaps 100,000s of "admins" for Sophos UTMs and Appliances that minimize trouble." Many streaming media services simply do not function well, or not at all, through a proxy or in some cases with IPS enabled and so need to be bypassed. But there is also (at least) one wrench in this process since Netflix for example, works differently depending on whether its through a browser, a mobile device or as Remulfon discovered, on smart TV's or other embedded devices. Therefore, what may work as a solution for one way of accessing Netflix may not work for others (unless Netflix is bypassed entirely from going through the proxy). In my own environment I have 4 mobile devices, a dozen PC's running Linux and/or Windows, 6 streaming media devices, 3 smart TV's and 4 BD players with a Netflix app and even one lonely Apple TV box. The way I addressed the Netflix issue while running the proxy in Transparent mode was to ensure all mobile devices, streaming media devices, embedded Netflix players and all Smart TV's were added to the list of "Skip transparent mode source hosts" for the HTTP proxy. Now all players had no trouble streaming Netflix. And since these are not PC's I am not really concerned about them going through the proxy anyway. However, this could also be accomplished with "Skip transparent mode destination hosts/nets" so long as you can identify all host that would be used for Netflix, possibly with a DNS object. So in summary, there simply is no one single way to resolve the issue of streaming media services not always working reliably, or at all, through an HTTP proxy and unless you can bypass the source or destination globally, you are left with a step-by-step process of testing access, finding what is being blocked and creating suitable exceptions - a process which can sometimes lead down a rabbit hole of opening one site/block, only to be followed by more, and when you unblock those, then more and so on and so on. Hope this helps [:)]

jerry.stefik · Answer

Hi All, 
 
 I see that this is a very old topic, but if someone has the same issue Netflix error TVP-802 on Sophos XG series, then to fix this - create a new FW rule and disable Malware Scanning (scan FTP and SCAN HTTP must be unchecked) after that Netflix works like charm. Due to lack of Log and Reporting for XG series I am unable to trace exactly what's wrong but I believe that they will fix that in a new release. My XG version is HW-SFOS_16.01.2.SF300-222 
 
 Happy Watching :D