How do I enable multicast to allow communication to Google Chromecast across VLANs?

Hello,

I am new to Sophos XG and networking in general.  I am attempting to set up Sophos XG on my home network so I can isolate my devices into separate VLANs.  So far the setup has been going well but I have run into an issue with communicating (casting) to my Google Home and ChromeCast devices when they are on a separate VLAN.  I have been doing some research and it seems this is related to multicasting being blocked across subnets.  I have searched the forums and it seems other people are having this issue but I haven't been able to find a solution.

Has anyone been able to get this to work?  If so, would you mind posting your configuration?

Things I have tried:

  • Enabled Multicast forwarding
  • Set up a multicast route (although I'm not sure I did this correctly)
  • Enabled Dynamic Routing for both my LAN and VLAN
  • Created firewall rules that would allow all traffic from LAN to VLAN and VLAN to LAN
  • Tried to set up Multicast(PIM-SM) but I'm not sure if this is where I need to be or if I did it correctly.

Thanks in advance!

Pete



  • Hi  

    In order to allow Chromecast to work smoothly in your network, you might require the following rules for the Chromecast device:

    • Allow high UDP ports both incoming and outgoing. "High ports" are the local ports usually ranging 32768-61000.
    • Allow both TCP ports 8008 and 8009 outbound to the Chromecast device.
    • Allow the special SSDP packets outbound (which is UDP traffic to the multicast IP 239.255.255.250, destination port 1900) which is used to check for other Google devices in the same network. Google devices reply with the Source IP to this packet.

    This should allow you to work your Google Home and Chromecast in different VLANs. Ideally, I'd suggest keeping it in the same VLAN.

    Regards

    Jaydeep
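
The three rules in the answer above can be checked from a client on the other VLAN with a short probe. This is an added example, not part of the original thread or any Sophos tooling; the DIAL search target string, the TTL of 4, the sample reply and all function names are assumptions made here.

```python
import socket

SSDP_GROUP, SSDP_PORT = "239.255.255.250", 1900      # multicast target named in the answer
CAST_TCP_PORTS = (8008, 8009)                        # TCP ports named in the answer
DIAL_ST = "urn:dial-multiscreen-org:service:dial:1"  # assumption: DIAL search target
# Constructed sample reply (documentation address) for an offline self-check.
SAMPLE_REPLY = (b"HTTP/1.1 200 OK\r\nLOCATION: http://192.0.2.10:8008/desc.xml\r\n"
                b"ST: urn:dial-multiscreen-org:service:dial:1\r\n\r\n")

def build_msearch(st=DIAL_ST, mx=2):
    """Return the SSDP M-SEARCH datagram as bytes."""
    lines = ["M-SEARCH * HTTP/1.1", f"HOST: {SSDP_GROUP}:{SSDP_PORT}",
             'MAN: "ssdp:discover"', f"MX: {mx}", f"ST: {st}", "", ""]
    return "\r\n".join(lines).encode("ascii")

def parse_response(data):
    """Return lower-cased headers of a 200 reply, or None for anything else."""
    head = data.decode("utf-8", "replace").split("\r\n\r\n", 1)[0]
    status, *rest = head.split("\r\n")
    parts = status.split()
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or parts[1] != "200":
        return None
    pairs = (line.partition(":") for line in rest)
    return {n.strip().lower(): v.strip() for n, sep, v in pairs if sep}

def tcp_open(ip, port, timeout=1.0):  # True if the TCP connect succeeds
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as t:
        t.settimeout(timeout)
        return t.connect_ex((ip, port)) == 0

def probe(ttl=4, wait=3.0):
    """Send one M-SEARCH; map each replying IP to its reachable cast TCP ports."""
    found = {}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        # Default multicast TTL is 1, which does not survive a router hop.
        s.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, ttl)
        s.settimeout(wait)
        try:
            s.sendto(build_msearch(), (SSDP_GROUP, SSDP_PORT))
            while True:  # replies arrive unicast on this socket's high UDP port
                data, (ip, _) = s.recvfrom(4096)
                if parse_response(data) is not None:
                    found[ip] = [p for p in CAST_TCP_PORTS if tcp_open(ip, p)]
        except OSError:  # timeout ends the wait; no route ends it early
            pass
    return found

if __name__ == "__main__":
    print(parse_response(SAMPLE_REPLY))
    print(probe())
```

An empty result from `probe()` means no SSDP reply came back across the VLAN boundary; an IP with an empty port list means discovery works but TCP 8008/8009 is still blocked.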

  • Thanks, I appreciate your help.

    I was allowing everything through the firewall and it was still having issues.  I eventually figured out that the issue was with my Ubiquiti UniFi access point.  I had to check the box next to "Enable multicast enhancement (IGMPv3)" for each wireless network I have.  Once I did that I was able to cast across VLANs.

  • Hi Pete,

    Just a quick question for you if you don't mind, is the only firewall rule you have in place a permit any LAN > LAN and that's it? I've tried this sort of thing with a Sophos AP and not had any luck in seeing a Chromecast unit on another VLAN that's all.

    Regards

  • Yes, for now I am permitting all traffic to/from the VLAN and LAN (I haven't had time to test any rules).  I also have "Enable multicast forwarding" selected in Routing | Static Routing but I'm not sure that's necessary.  I also haven't had time to test that either.  The key thing that got this to work for me was to check "Enable multicast enhancement (IGMPv3)" on my Ubiquiti wireless access point.