Problems with Access of Tablets in different Zones

[PotatoCarl]

Hi
I have a confusing problem which I cannot figure out:
- I have a number of Samsung A9+ tablets configured in the LAN
- The tablets can access the internet and internal zones and download the *Play Services* Updates without problem
- They cannot download the Samsung Update (Software/Firmware Update)
- If I plug them into our Guest Network, all works fine
- When I do a live inspection of the Firewall protocol with the source of the corresponding IP I only get "pass to router, "Anti Lockout Rule"" no other message.

I really do not understand where it stalls. Any idea?

I am using unbound as DNS with some standard ad-blockers, but as I can access the internet fine, this is not an issue, isn't it?

Any help for understanding how to trace the problem would be apreaciated.

[EricPerl]

The anti-lockout rule should only fire when accessing the firewall itself, which happens if you're looking at the Web GUI on the same tablet that's trying to perform updates...

I suspect a typical sequence of DNS + HTTP(s) traffic as part of the update.
It's possible that your ad-block somehow contains a block for a domain involved in the update.
If that's the case, the DNS lookup will end returning an error or IP that can't be used and there won't even be an http(s) request.

I suggest you look at the DNS logs (Reporting > Unbound DNS > Details) and watch requests from the tablet as you're checking for updates or try to perform one.
If you see a block for a domain that looks promising, unblock it.

A cursory search indicates the servers could be *.ospserver.net
You could look for these in your existing logs...