I love that by default only the traffic that I allow can traverse the firewall.
I hate that I sometimes I cannot figure out why the heck something is being blocked.
When I upgraded to UTM9 (home user), I decided to start from scratch. I knew I would be in for a few headaches, but it also forced me to re-evaluate any rules or exceptions before re-implementing them.
Netflix is probably my best example. When trying to stream to my smarttv I could pull up the netflix browser, but it would always timeout when trying to start streaming.
I knew I had the "Bypass content scanning for streaming content" exception set under the Web Filtering advanced tab. And I knew that in the past I had created an exception for all Web Filtering for netflix.com, nflximg.com, vo.llnwd.net and that had resolved the problem.
But I found those URLs by searching the forums and I have no idea how to figure that out myself. So I tried netflix again with empty Firewall, HTTP Deamon, IPS, and Web Filtering logs. Netflix timed out and I opened up the logs and.... nothing.
- IPS was empty
- Firewall had a single blocked packet from an external source but seemed unrelated
- HTTP Deamon had nothing to do with the IP
- Web Filtering only shows the astaro classification server timeouts
So really I have no idea how I would know to create exceptions for netflix.com, nflximg.com, vo.llnwd.net or any others. More than anything it bothers me that there doesn't appear to be anything in the logs that would even indicate something was being blocked/dropped/scanned etc. I've experienced this with other applications too, where something is getting caught up in the AV Filter but I cant figure that out from the log files.
1. Is there another logfile I should be looking at?
2. Is there additional logging I can turn on?
3. Does a comprehensive and up-to-date resource exist for port and url exceptions exist?
I don't mean to sound bitter, I'm just frustrated that I cant figure this out. Thanks for the help.
I hate that I sometimes I cannot figure out why the heck something is being blocked.
When I upgraded to UTM9 (home user), I decided to start from scratch. I knew I would be in for a few headaches, but it also forced me to re-evaluate any rules or exceptions before re-implementing them.
Netflix is probably my best example. When trying to stream to my smarttv I could pull up the netflix browser, but it would always timeout when trying to start streaming.
I knew I had the "Bypass content scanning for streaming content" exception set under the Web Filtering advanced tab. And I knew that in the past I had created an exception for all Web Filtering for netflix.com, nflximg.com, vo.llnwd.net and that had resolved the problem.
But I found those URLs by searching the forums and I have no idea how to figure that out myself. So I tried netflix again with empty Firewall, HTTP Deamon, IPS, and Web Filtering logs. Netflix timed out and I opened up the logs and.... nothing.
- IPS was empty
- Firewall had a single blocked packet from an external source but seemed unrelated
- HTTP Deamon had nothing to do with the IP
- Web Filtering only shows the astaro classification server timeouts
So really I have no idea how I would know to create exceptions for netflix.com, nflximg.com, vo.llnwd.net or any others. More than anything it bothers me that there doesn't appear to be anything in the logs that would even indicate something was being blocked/dropped/scanned etc. I've experienced this with other applications too, where something is getting caught up in the AV Filter but I cant figure that out from the log files.
1. Is there another logfile I should be looking at?
2. Is there additional logging I can turn on?
3. Does a comprehensive and up-to-date resource exist for port and url exceptions exist?
I don't mean to sound bitter, I'm just frustrated that I cant figure this out. Thanks for the help.