[KeepingUp]

I recently upgraded my network router/firewall to Untangle. When I first installed the firewall, it began to block All of my Tivo boxes (Bolt, Roamio, two mini Vox, three regular minis) from their maintenance calls to the mother ship. I didn't notice this until the Tivos started acting funny.
They were getting a c117 error on the maint call but the guide call was working fine. If i turn the firewall off, the calls go through. I thought had a firewall config that would get it through, but it is not working. I have two questions:

1. Has anyone worked with Untangle and Tivo enough that you have a fix for this issue?

2. Does anyone know the URL for the three web servers that a Tivo communicates with?
I believe if I knew those site addresses, I could config Untangle to not block Tivo.

I would appreciate any assistance that anyone could offer.

Thanks
John

 

[lhvetinari]

I recently upgraded my network router/firewall to Untangle. When I first installed the firewall, it began to block All of my Tivo boxes (Bolt, Roamio, two mini Vox, three regular minis) from their maintenance calls to the mother ship. I didn't notice this until the Tivos started acting funny.
They were getting a c117 error on the maint call but the guide call was working fine. If i turn the firewall off, the calls go through. I thought had a firewall config that would get it through, but it is not working. I have two questions:

1. Has anyone worked with Untangle and Tivo enough that you have a fix for this issue?

2. Does anyone know the URL for the three web servers that a Tivo communicates with?
I believe if I knew those site addresses, I could config Untangle to not block Tivo.

I would appreciate any assistance that anyone could offer.

Thanks
John

A quick Google search indicates people using Untangle 15.1 seem to have a problem with the Web Filter breaking TiVo Service connections. Try turning it off and seeing if that helps.

 

[KeepingUp]

A quick Google search indicates people using Untangle 15.1 seem to have a problem with the Web Filter breaking TiVo Service connections. Try turning it off and seeing if that helps.

Thanks, that works, but I didn't want to just open up the network to intrusion. I also found a way to make the tivo boxes "open", but i would really just like to open up just for the maintenance call.

 

[HerronScott]

Thanks, that works, but I didn't want to just open up the network to intrusion. I also found a way to make the tivo boxes "open", but i would really just like to open up just for the maintenance call.

From what I'm reading, Web Filter has nothing to do with network intrusion. It's only monitoring and blocking web site access that it deems inappropriate (content versus security).

Web Filter monitors HTTP and HTTPS traffic on your network to filter and log web activities and block inappropriate content. Web Filter also appeals to customers who require an added level of protection or are subject to regulations, for example Web Filter helps libraries comply with the Children's Internet Protection Act). Need to block Pornography or Hate Speech on your network? Web Filter is your answer.

Scott

 

[KeepingUp]

From what I'm reading, Web Filter has nothing to do with network intrusion. It's only monitoring and blocking web site access that it deems inappropriate (content versus security).

Web Filter monitors HTTP and HTTPS traffic on your network to filter and log web activities and block inappropriate content. Web Filter also appeals to customers who require an added level of protection or are subject to regulations, for example Web Filter helps libraries comply with the Children's Internet Protection Act). Need to block Pornography or Hate Speech on your network? Web Filter is your answer.

Scott

That is what i thought also. The web monitor uses "policies" to control access.
Since I am a new user of Untangle, I have not written any policies. I am currently running with web monitor "off". (I only have the default policy) But I have web filter running, which scans traffic for the firewall. The firewall is truly running, I have tested it. In the config for web filter, they have a parameter to pass traffic going to a particular web site, which i would like to implement. That is why i am seeking the Tivo url for the maint call.
Untangle also has a parameter for allowing particular clients to free access to the internet. I have that configured now for the Tivo clients and the maint communications are working OK on all the Tivo boxes. I just think that the parameter to only open up to a particular website is more secure than opening up for any communication by the Tivo app.

Now if i could get Tivo support to help me with the app handling the data once it has been downloaded, I would be a happy camper.

 

[lhvetinari]

That is what i thought also. The web monitor uses "policies" to control access.
Since I am a new user of Untangle, I have not written any policies. I am currently running with web monitor "off". (I only have the default policy) But I have web filter running, which scans traffic for the firewall. The firewall is truly running, I have tested it. In the config for web filter, they have a parameter to pass traffic going to a particular web site, which i would like to implement. That is why i am seeking the Tivo url for the maint call.
Untangle also has a parameter for allowing particular clients to free access to the internet. I have that configured now for the Tivo clients and the maint communications are working OK on all the Tivo boxes. I just think that the parameter to only open up to a particular website is more secure than opening up for any communication by the Tivo app.

Now if i could get Tivo support to help me with the app handling the data once it has been downloaded, I would be a happy camper.

Try allowing *.tivo.com and *.tivoservice.com through the filter, that should (probably) sort it out.

If I had to punt, I'd say the Untangle system is doing some sort of SSL inspection that is messing with the key/cert, and the TiVo is doing what it should do and failing the update because the keys don't match.

 

[KeepingUp]

Thanks,

the url suggestions are good,
Your "punt" makes sense , I will test it tonight.

 

[HerronScott]

the url suggestions are good,
Your "punt" makes sense , I will test it tonight.

If the Untangle software is blocking, I would expect there to be a log of what URL it's blocking that the TiVo's are trying to access.

Scott