Apple TV & Airplay

Hi, I have just purchased an XG105 with AP50s and am having trouble a) using Airplay from iPhone / Mac to ATV b) playing Netflix content on ATV.

I have read through the forums and there doesn't appear to be any clear instruction to either adjust the Default Firewall policy or Default Web Policy.

I have dropped the Default Web policy and was then able to stream from services on ATV like TED Talks, but this defeats the purpose of Web control, so not sure what part of the Default policy is blocking.

Main problem is Airplay though.

Any ideas?

  • Interestingly it appears to be rule #0 for FW and Policy

    messageid="01001" log_type="Firewall" log_component="Invalid Traffic" log_subtype="Denied" status="Deny" con_duration="0" fw_rule_id="0" policy_type="0" user="" user_group="" web_policy_id="0" ips_policy_id="0" appfilter_policy_id="0" app_name="" app_risk="0" app_technology="" app_category="" in_interface="Port1" out_interface="" src_mac=""

    src_ip="" src_country="" dst_ip="" dst_country="" protocol="TCP" src_port="59457" dst_port="5223" packets_sent="0" packets_received="0" bytes_sent="0" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="" src_zone="" dst_zone_type="" dst_zone="" con_direction="" con_id="" virt_con_id="" hb_status="No Heartbeat" message="Could not associate packet to any connection." appresolvedby="Signature"
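
Added example, not part of the original thread: a small Python parser for the key="value" firewall log format in the post above. It separates denies logged against rule 0 with log_component="Invalid Traffic" (where the record's own message says the packet could not be associated with a connection) from denies by a numbered rule. The first sample record is abridged from the post; the other two are constructed, and the function names are this example's own.

```python
import re
from collections import Counter

# key="value" pairs, as in the log record posted above; values may be empty
PAIR = re.compile(r'(\w+)="([^"]*)"')

def parse_record(line):
    """Return the key="value" fields of one log line as a dict."""
    return dict(PAIR.findall(line))

def classify_deny(rec):
    """Tell a rule-0 'Invalid Traffic' drop apart from a deny by a numbered rule."""
    if rec.get("status") != "Deny":
        return "not-a-deny"
    if rec.get("log_component") == "Invalid Traffic" and rec.get("fw_rule_id") == "0":
        # Not matched to any connection, so no user-defined rule was involved.
        return "invalid-traffic"
    return "rule-deny"

def summarize(lines):
    """Count denies per (class, protocol, dst_port) to see what is being dropped."""
    counts = Counter()
    for line in lines:
        rec = parse_record(line)
        kind = classify_deny(rec)
        if kind != "not-a-deny":
            counts[(kind, rec.get("protocol", ""), rec.get("dst_port", ""))] += 1
    return counts

SAMPLE = [
    # Abridged from the record in the post above.
    'log_type="Firewall" log_component="Invalid Traffic" log_subtype="Denied" '
    'status="Deny" fw_rule_id="0" in_interface="Port1" protocol="TCP" '
    'src_port="59457" dst_port="5223" '
    'message="Could not associate packet to any connection."',
    # Constructed: a deny attributed to a numbered firewall rule.
    'log_type="Firewall" log_component="Firewall Rule" log_subtype="Denied" '
    'status="Deny" fw_rule_id="4" protocol="UDP" dst_port="5353" message=""',
    # Constructed: an allowed connection, ignored by the summary.
    'log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" '
    'status="Allow" fw_rule_id="2" protocol="TCP" dst_port="443" message=""',
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(key, n)
```

Records that land in the "invalid-traffic" class will not change when a firewall rule or web policy is edited, which is worth knowing before loosening the default policy.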

  • Hi,

    Which mode do you use on the AP?

    Can you describe your Network (Switch, AP, XG - Short map).

    Would recommend in a private environment to go with Bridge to AP LAN and use 1 Broadcast domain, to use the Multicast / Broadcast Features of Bonjour.




  • Thanks for replying, ManBearPig.


    I have an ISP cable modem that the XG is connected to, with 1 broadcast domain to LAN for ports 1, 3 & 4. A basic Linksys 8-port switch is connected to Port 1 and the AP50 is connected to that, which is Bridge to AP LAN.


    The problem sits with only the AppleTV and Timecapsule, and I agree that I think it's Bonjour and multicast. I can't connect my Mac Powerbook to Airplay -> ATV or my iMac to the Airport Utility for Timecapsule and Time Machine. Thought this may have been a commonly experienced issue due to default policy configuration on the Sophos, hence the default drop from FW#0.


    I can stream everything fine from my iPad apps (Netflix, YouTube).


    Apologies if this is a basic question, but what is the best way to allow Multicast / Broadcast within the firewall rule GUI, assuming it has to be a specific rule for Source and Destination Services for the specific ports?




  • Ok, problem solved

    I logged a support case and solved part of it with them and also realised I had made a rookie mistake.

    Here is what we did:

    Created a new DHCP scope for my Bridge / LAN network and allocated a static IP to the AppleTV and TimeCapsule.

    Created a new FW rule Source Zones: LAN/WIFI > Source Devices: IP of AppleTV, Destination Zones: WAN > Destination Networks: ANY, No Malware, No Web Policy

    so pretty simple right?

    So the rookie mistake was this....

    As I was troubleshooting a previous issue with connecting to my APs, McAfee on my Mac had set the network to Public, so the McAfee FW was blocking the traffic locally.

    Once I changed this setting to Home / Work network the TimeCapsule displayed in Airport Utility and TimeMachine was able to see the disk again.

    Challenge now is that I think as part of troubleshooting a few settings were changed via CLI by Support, and now I am dropping packets over the WiFi so can't use WiFiCalling on iPhone as the call drops... back to support I guess

  • My fix was similar as above for Chromecast, Airplay, DLNA although not as complex. I have seen a lot of posts with people trying to get this to work on their small XGs or XG home edition.


    Create a Bridge port for the ports you have on your LAN, create a DHCP scope for bridge port and then a firewall rule so all LAN to LAN traffic is allowed and has no policies set.


    All devices come up with a DHCP address on the same subnet and therefore no issues from multicast, bonjour etc etc.
