Results 1 to 10 of 10
  1. #1
    Untanglit
    Join Date
    Feb 2021
    Posts
    16

    Default Spotify port 4070 being blocked

    Spotify internet connectivity is broken by the threat prevention app.

    As far as my testing has shown, giving the app spotify's urls as "pass" does nothing, but allowing tcp port 4070 through allows spotify to work.

    I do not want to just have a blanket rule allowing port 4070, is there another way to allow this without just using the port?


    Some further testing has revealed the app is classifying TCP port 4070 traffic as "Suspicious"
    Why?
    Last edited by erasedhammer; 03-04-2021 at 04:40 PM.

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,466

    Default

    Look at reports for the blocking domains and pass those.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untanglit
    Join Date
    Feb 2021
    Posts
    16

    Default

    It is not blocking any domain associated with spotify.

  4. #4
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,466

    Default

    Sorry if I was not clear. Look at the Threat Prevention report to see which Spotify session is blocked and whitelist the domain name so it is pass even though the category is matched.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  5. #5
    Untanglit
    Join Date
    Feb 2021
    Posts
    16

    Default

    The server associated with that block traffic does not list a URL, only the IP.

    I don't think allowing an IP would work very well considering they are using a fairly large block. Not sure exactly since it doesn't seem documented by spotify.

  6. #6
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,466

    Default

    Again, you are looking for the domain not URL since most likely the traffic is encrypted.

    spotify-domain.png
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  7. #7
    Untanglit
    Join Date
    Feb 2021
    Posts
    16

    Default

    Ah, well I am not doing ssl decryption on this traffic. Is it the blocking unavoidable without decrypting?

  8. #8
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,466

    Default

    Domain is not encrypted as I stated above.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  9. #9
    Master Untangler CMcNaughton's Avatar
    Join Date
    Feb 2015
    Location
    Denver, CO
    Posts
    182

    Default

    There's a couple of things i dislike about that Spotify client, but your issue is a new one. The client itself pops as P2P which annoys my IPS to death:
    Screen Shot 2021-03-05 at 9.50.39 AM.png

    But, I work from home/have Spotify open all day...I'll re-enable TP on my z6 here to do some testing and see what happens..

  10. #10
    Untanglit
    Join Date
    Jun 2020
    Posts
    25

    Default

    Quote Originally Posted by erasedhammer View Post
    It is not blocking any domain associated with spotify.
    Most likely it is referring to random IPs on Google Cloud, not? Thus, didn't find a way to further narrow it down. Web Filter / Threat Prevention categorize such to "undefined", most times.

    I decided to completely change my mindset and manage groups of devices/users by applying different risk levels. I've set the ruler under the "Threats" tab to "High Risk" and manage everything via the "Rules" tab. Pass Rules for individual groups of user names include a specific risk level. At the bottom a more restrictive block rule for the rest. You can also allow port 4070 if risk level is not „High“ for specific devices.
    Last edited by bEeReE; 04-07-2021 at 01:12 PM.
    CMcNaughton likes this.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2