WG Blocking Video Playback

Hello,

Since putting in our watchguard, we are unable to get our nest cameras to play back on the network.

It looks like it is related to the http proxy.

2021-06-02 10:32:13 Member1 http-proxy 0x16d0560-16335604 unable to parse request start-line line='\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03\xa1\xd5\x0e8^$\x00fINs\xba\x16.i\xb7^%\x94\xbf/*V4Gv.\x0f\x0e\xca\x93L d\x02\xa8ETU\x18\xd6Z\xcdO\xf9J\x8f\xcb \xa3\x5c\xad\x0f>\xe8:\xe2\xd3\xdb\x1e\x14\xbf\xcaPe\x00 ::\x13\x01\x13\x02\x13\x03\xc0+\xc0/\xc0,\xc00\xcc\xa9\xcc\xa8\xc0\x13\xc0\x14\x00\x9c\x00\x9d\x00/\x005\x01\x00\x01\x93\x9a\x9a\x00\x00\x00\x00\x00\x1f\x00\x1d\x00\x00\x1aoculus7795-us1.dropcam.com\x00\x17\x00\x00\xff\x01\x00\x01\x00\x00\x0a'

Any idea how I can fix this?

Thanks!

Comments

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @travis_tmb
    You'll likely need to make a http proxy exception for whatever addresses those cameras are accessing. I'd suggest contacting Nest to see if they can give you a full list of hosts the cameras and your client to view them needs to contact in order for them to work (rather than trying to look at your logs and guess at what they might be.)

    Once you know what to make exceptions for, you can add them to your proxy exceptions:
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/proxies/http/http_proxy_exceptions_c.html

    -James Carson
    WatchGuard Customer Support

  • James,

    Is it going to be an http exception or https?

  • Hard to know from what you posted.
    Supposedly NEST devices can use both 80 & 443.
    Start with a HTTPS exception and see if that resolves the issue or not.

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @travis_tmb

    Your log suggests it's hitting the HTTP proxy, so that means it's either HTTP, or HTTPS that is being content inspected and sent to the HTTP proxy.

    -James Carson
    WatchGuard Customer Support

  • So, what do you see in Traffic Monitor related to this access?

  • james.carsonjames.carson Moderator, WatchGuard Representative

    @sunil808
    You'll likely need to use packet filters to whatever servers nest specifies you're using.

    You may need to contact their support to determine what domains you need to allow, as *.google.com or *.nest.com is generally too broad of an exception for most customers to make.

    -James Carson
    WatchGuard Customer Support

  • If proxy excepts give you a pain, I would make an Alias for your camera stuff (two aliases if you have internal and external destinations) and just Make an http bypass for them and use the policy tags to find the policies later.
Sign In to comment.