Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Deftone
New Contributor

Netflix

Helo all, I' m having problems to watch movies on netflix while web filter enabled. I added some netflix urls to the url filter but it' s not working When I hit play in netflix I get an error. When I disable web filter in the policy it' s working like charm. Someone any idea how to get this to work? The url filter
 
                 edit " *netflix.com" 
                 set type wildcard
                 next
                 edit " *nflximg.com" 
                     set type wildcard
                 next
                 edit " *llnwd.net" 
                     set type wildcard
                 next
                 edit " *nflximg.net" 
                     set type wildcard
                 next
Thanks
10 REPLIES 10
vanc
New Contributor II

So you wanted to turn on web filter, but Netflix somehow stopped working for you. Then you added Netflix URLs to bypass them? You need to check the web filter log and see if Netflix related URLs are blocked. If nothing shows up, I might assume that you are using proxy based webfilter profiles which has poor compatibility with streaming. Delete all your Netfilter URLs and change the web filter profile mode from proxy to flow based and see if it works for you. I' ve no issue with this setup.
Bromont_FTNT
Staff
Staff

SSL inspection turned on? Anything Netflix will need to be exempted from SSL inspection, or create another firewall policy above this one with destination FQDN/IP addresses for all the Netflix sites you can identify
Deftone
New Contributor

Thanks for the reply' s. I try to change proxy to flow based but with no succes. I don' t use SSL inspection so that can not be the problem. This problem is only occuring when I try to watch Netflick on my iPad or iPhone When I use Macbook that is on the same segment I have no problem. When I disable URL filter I can also watch Netflix oniPad or Iphone
Bromont_FTNT
Staff
Staff

Would probably need to see your UTM profiles etc... are you using AV?
Deftone
New Contributor

I don' t use any other UTM only WebFiltering. These profile is the only utm that is enabled on the policy
vanc
New Contributor II

You need to check your log and see which URLs were blocked, then add them to exempt list.
Victor
New Contributor III

Considering that the webfilter list is a very CPU intensive process, I would rather have Fortinet address the issue. I can confirm that smartphones & tablets are blocked with a web filter policy but that traditional PCs/Macs are not. My guess is that the javascript that identifies the device and defines the method of interacting with Netflix invokes something in the mobile devices that the Fortigate does not like. I created a special policy for my tablet and with UTM disabled, everything works. As for looking at the logs, there was nothing of netflix blocked. There were a lot of facebook entries, which turned out to be the facebook app working as a background process. By the way, the youtube app and crackle app work fine.
Bromont_FTNT
Staff
Staff

Victor, are you having the same issues as Deftone?
Victor
New Contributor III

Yes, was having the same issue as Deftone. Working with Fortinet we isolated the problem. If you have " Web Resume Download Block" checked in the Web Filter profile for the policy, uncheck it. Netflix will then work. It seems the tablet & smartphone apps buffer the stream in downloded chunks rather then manage it as a continuous stream.
Labels
Top Kudoed Authors