Spotify port 4070 being blocked
Spotify internet connectivity is broken by the threat prevention app.
As far as my testing has shown, giving the app spotify's urls as "pass" does nothing, but allowing tcp port 4070 through allows spotify to work.
I do not want to just have a blanket rule allowing port 4070, is there another way to allow this without just using the port?
Some further testing has revealed the app is classifying TCP port 4070 traffic as "Suspicious"
Why?
Last edited by erasedhammer; 03-04-2021 at 04:40 PM.
Look at reports for the blocking domains and pass those.
Attention: Support and help on the Untangle Forums is provided by
volunteers and community members like yourself.
If you need Untangle support please call or email support@untangle.com
It is not blocking any domain associated with spotify.
Sorry if I was not clear. Look at the Threat Prevention report to see which Spotify session is blocked and whitelist the domain name so it is pass even though the category is matched.
Attention: Support and help on the Untangle Forums is provided by
volunteers and community members like yourself.
If you need Untangle support please call or email support@untangle.com
The server associated with that block traffic does not list a URL, only the IP.
I don't think allowing an IP would work very well considering they are using a fairly large block. Not sure exactly since it doesn't seem documented by spotify.
Again, you are looking for the domain not URL since most likely the traffic is encrypted.
spotify-domain.png
Attention: Support and help on the Untangle Forums is provided by
volunteers and community members like yourself.
If you need Untangle support please call or email support@untangle.com
Ah, well I am not doing ssl decryption on this traffic. Is it the blocking unavoidable without decrypting?
Domain is not encrypted as I stated above.
Attention: Support and help on the Untangle Forums is provided by
volunteers and community members like yourself.
If you need Untangle support please call or email support@untangle.com
There's a couple of things i dislike about that Spotify client, but your issue is a new one. The client itself pops as P2P which annoys my IPS to death:
Screen Shot 2021-03-05 at 9.50.39 AM.png
But, I work from home/have Spotify open all day...I'll re-enable TP on my z6 here to do some testing and see what happens..
Most likely it is referring to random IPs on Google Cloud, not? Thus, didn't find a way to further narrow it down. Web Filter / Threat Prevention categorize such to "undefined", most times.Originally Posted by erasedhammer
I decided to completely change my mindset and manage groups of devices/users by applying different risk levels. I've set the ruler under the "Threats" tab to "High Risk" and manage everything via the "Rules" tab. Pass Rules for individual groups of user names include a specific risk level. At the bottom a more restrictive block rule for the rest. You can also allow port 4070 if risk level is not „High“ for specific devices.
Last edited by bEeReE; 04-07-2021 at 01:12 PM.
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote
