Arlo|Smart Home Security|Wireless HD Security Cameras
Arlo Community

Proxy blocking website live feed

Reply
Discussion stats
  • 7 Replies
  • ‎2019-02-12 01:13 PM
  • 8556 Views
  • 6 Likes
  • 2 In Conversation
deejus
Tutor
Tutor
‎2019-02-12 01:13 PM

Im using a Watchguard Firewall and noticed the Proxy was blocking the Live feed. When clicking it would just say connection failed unles you disabled the proxy.

the proxy deny message is 

HTTP Invalid Request-Line Format

When this occurs, the HTTP Proxy denies the request. It is not possible to configure the HTTP Proxy to allow invalid requests.

Note: HTTP-Proxy Exceptions will not bypass this error message, as the request does not adhere to the RFC standards for the HTTP protocol.

 

The only way around this is to add a new policy above that and allow connections to the following FQDN

*.arlo.com

*.arlo.netgear.com

*.netgear.com

*.amazonaws.com

dev.visualwebsiteoptimizer.com

rum-collector.pingdom.net

rum-static.pingdom.net

After these are put in you can then view the live feed through the website. Hopefully the arlo Dev team will notice this and correct these issues with their site and I also express concern with the live feed not using HTTPS.

These setting should work with other firewall proxy's such as cisco/sonicwall/fortigate etc.

This took myself and a collegue several hours to backtrack with the help of watchguard support.

Hopefully this will save you guys the work as i've seen about 10+ other forum posts closed due to inactivy with no resolution.

 

Reply
Message 1 of 8
8,556
1 ACCEPTED SOLUTION

Accepted Solutions
deejus
Tutor
Tutor
‎2019-07-09 07:04 AM

you have to do a normal http outbound packet filter and not a proxy. Proxy's will not work.

 

arlo.png

View solution in original post

Reply
Message 3 of 8
8,087
7 REPLIES 7
Brink2Three
Tutor
Tutor
‎2019-07-08 03:10 PM

Hey deejus, 

I also am using a Watchguard Firebox as well and I attempted to create an FQDN list as you suggested, but I still cannot preview live feed. Does yours still work with this list? If so, can I share a screenshot with you to see if I am configuring it the same way? 

 

I contacted Arlo and they claim they will call me back in 24 hours with a solution. We'll see if that involves an FQDN list or otherwise, but I'm curious to see what they say. 

Reply
Message 2 of 8
8,102
deejus
Tutor
Tutor
‎2019-07-09 07:04 AM

you have to do a normal http outbound packet filter and not a proxy. Proxy's will not work.

 

arlo.png

Reply
Message 3 of 8
8,088
Brink2Three
Tutor
Tutor
‎2019-07-10 10:12 AM

Hey deejus, 

I've attached a screenshot of my policy as implemented right now. 

I've also attached a google drive link as uploaded photos have to be manually approved by a moderator. 

From what I understand, this is an outbound packet filter rule, not a proxy (If it was a proxy, the blue menu bar along the top would have a proxy actions option, and this does not. Again for clarity I am using your original list of FQDNs as listed in your first post.

Just as a troubleshooting step, I also tried making this a packet filter over all protocols, not just port 80 (HTTP), and it still did not work. Any suggestions would be greatly appricicated. 

 

https://drive.google.com/file/d/1qQkDVTgQ08Az2D22E9Rz-8E5vlREFNy2/view?usp=sharing


Arlo FQDN Livestream Policy.PNG
0 Likes
Reply
Message 4 of 8
8,063
Brink2Three
Tutor
Tutor
‎2019-07-10 11:48 AM

I've just spotted my own mistake. I have the To and From fields backwards on the Firewall Policy. I reversed them and that has fixed it. 

0 Likes
Reply
Message 5 of 8
8,053
deejus
Tutor
Tutor
‎2019-07-11 07:37 AM

Thats wonderful to hear. Now Im hoping the Devs will do something with not using HTTPS.

0 Likes
Reply
Message 6 of 8
8,043
deejus
Tutor
Tutor
‎2019-07-11 07:40 AM

I would also recommend trying to use Watchguard system manager to manage the firewall. It is a great tool and allows you to setup numerous things before it gets pushed to the firewall instead of having to save each change instantly.

0 Likes
Reply
Message 7 of 8
8,042
Brink2Three
Tutor
Tutor
‎2019-07-11 08:16 AM

I have a call scheduled with their senior dev team to talk about the security issue that splitting a site into http and https elements. I'll also suggest adding the FQDN lists to their official documentation for troubleshooting livestreaming issues. Maybe not as a basic troubleshooting step, but still should be easier to find then this thread. It took me close to 4 days to find this after first diagnosing the problem. 

 

And yes, I was using the WGSM, I was just on my laptop and found it easier to sceenshot from the webpage then to reboot into windows. 

Reply
Message 8 of 8
8,036
Discussion stats
  • 7 Replies
  • ‎2019-02-12 01:13 PM
  • 8557 Views
  • 6 Likes
  • 2 In Conversation

Arlo
Support

Visit our support page for answers from simple setup to security optimization. Search for something specific or select a product or category for helpful articles and videos.

Visit Arlo Support

Arlo App
for Support

For personalized support specific to the Arlo products you own, access Support from within the Arlo iOS or Android App. Simply login to your Arlo App, go to Settings, Support, then select the Arlo product you would like support for.