[NEBULA] Spotify Connect blocked by Content Filtering

blechkiste
blechkiste Posts: 14  Freshman Member
First Anniversary 10 Comments Friend Collector
edited April 2021 in Nebula

Hi

Even without any category being selected, NSG is preventing me from successfully select any Spotify enabled loudspeaker from the Spotify app in order to listen music on it. Disabling Content Filtering immediately resolves the problem.

There's no information in the Event logs on the NSG. I have captured the traffic on NSG for LAN1 and WAN1, merged them in Wireshark and started with the troubleshooting. I've pulled the following HTTP hosts from the conversations and added them to the white filter on NSG which did not help:

*.edgesuite.net

*.akamaitechnologies.com

*.spotify.com

*.googleusercontent.com

Is there any possibility to debug the content filtering mechanism on the NSG? Clearly, the issue is related to that functionality. Appreciate any help.

Regards

Walter

Accepted Solution

  • Zyxel_Chris
    Zyxel_Chris Posts: 653  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓

    To All,

    The root cause is because Spotify use SSLv3 communicate with each clients, which considered is vulnerable and block by CF, if anyone who experience this issue please just leave the message here, I will help you.?


    /Chris

    Chris
«1

All Replies

  • Zyxel_Chris
    Zyxel_Chris Posts: 653  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hello @blechkiste

    Welcome back to the community.

    May I know is there any content filtering entry in Gateway>NSS Analysis?

    Since I cannot reproduce the issue, therefore I'd like to private message you about the Org. information please be aware of your Inbox message.?


    /Chris

    Chris
  • blechkiste
    blechkiste Posts: 14  Freshman Member
    First Anniversary 10 Comments Friend Collector

    Thanks, Chris. I’ve opened a support case.

    wrt NSS: no further information visible either.

    Regards

    Walter

  • Zyxel_Chris
    Zyxel_Chris Posts: 653  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓

    To All,

    The root cause is because Spotify use SSLv3 communicate with each clients, which considered is vulnerable and block by CF, if anyone who experience this issue please just leave the message here, I will help you.?


    /Chris

    Chris
  • Dave_M
    Dave_M Posts: 1
    First Comment
    Still no solution? Having the same problem. Denon Spotify player is visible but the connection from my phone is never established.
  • blechkiste
    blechkiste Posts: 14  Freshman Member
    First Anniversary 10 Comments Friend Collector

    Hi Dave

    Zyxel fixed it directly on my NSG. Reach out to Nebula_Chris. You'll probably need to open a support ticket too.

    Regards

    Walter

  • Zyxel_Chris
    Zyxel_Chris Posts: 653  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    @Dave_M

    Have replied you via private message please check your inbox message.?

    Chris
  • Juan_SUS
    Juan_SUS Posts: 1
    Having the Same issue googleusercontent.com is blocked with the MSG:

    Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for doc-0o-6k-apps-viewer.googleusercontent.com. The certificate is only valid for the following names: dnsft.cloud.zyxel.com, *.dnsft.cloud.zyxel.com


  • ivers
    ivers Posts: 45  Freshman Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited May 2022
    @Juan_SUS
    Did you try to put this domain in white list on content filtering?
    *.googleusercontent.com 

  • tesagig
    tesagig Posts: 56  Ally Member
    First Anniversary 10 Comments Friend Collector

    just wondering whether this could apply to my USG 100 Flex?

    Fundamentally, "Spotify Connect" does not work for me on my Bluesound Node.
    1.) If I navigate though BluOS to Spotify the Spotify app indicates that it is trying to connect to my Node but never succeeds.
    2.) If I click on airplay within spotify and select Node it works ( but I
    like to use "Spotify connect" to not be dependent on ipad after music
    selection)


    So, I can play spotify on my ipad, but not on Bluesound using "Spotify connect"

    I have the spotify app enabled on my USG on the outgoing traffic.

    Local traffic is wide open.

  • tesagig
    tesagig Posts: 56  Ally Member
    First Anniversary 10 Comments Friend Collector

    Hello?

    I found this article as well:

    https://support.zyxel.eu/hc/en-us/articles/360011000819-On-Premise-Nebula-Configure-Sonos-and-Spotify-Connect-for-Firewall-Switch

    Is there a fix coming up?

Nebula Tips & Tricks