This discussion has been locked.

how to enable chromecast on Sophos XG

Hello,

I need your help for making chromecast work again on my LAN. I had to restrict the protocols on my LAN.

 My current setup is: Sophos XG, all devices on the LAN are allowed to use: http, https, smtp, smtps, imap, ping:

As a result, the chromecast stick cannot be accessed by my ipad or similar devices. He has been assigned a static LAN IP address - 192.168.2.8

There are no vlans defined that would separate Wifi from LAN etc.

On other threads here in this forum, especially that one I found the ports necessary to be opened up for my chromecast stick:  

 How do I enable multicast to allow communication to Google Chromecast across VLANs? 

  • Allow high UDP ports both incoming and outgoing. "High ports" are the local ports usually ranging 32768-61000.   - done
  • Allow both TCP ports 8008 and 8009 outbound to the Chromecast device.  - done

I did this by adding a separate rule to "rules and policies" specifically for chromecast only: (currently rule status OFF as it didn't work when enabled and until it's not configured properly)

the "chromecast ports" I defined as such:

Is that properly done?

But how can I configure the next one required?

  • Allow the special SSDP packets outbound (which is UDP traffic to the multicast IP 239.255.255.250, destination port 1900) which is used to check for other Google devices in the same network. Google devices reply with the Source IP to this packet.

Please, I need a step by step guide on how to configure that please: I cannot find any menu where I could enter a specific IP address for allowing chromecast to use it or block it.

And will these be sufficient so that I can access the chromecast stick via an ipad on my LAN to tell him what to stream?

Many thanks, 

Alex.



  • And will these be sufficient so that I can access the chromecast stick via an ipad on my LAN to tell him what to stream?

    No. You must allow DNS also, otherwise the Chromecast cannot perform lookups for sites.

    EDIT. I see that you want it to be accessible by devices on your LAN. If you are trying to control the Chromecast from your iPad to watch content online, you will need to add DNS to the allowed services in the firewall rule.

    I am not asking for a problem with web access by chromecast. I am asking one step before - I cannot reach chromecast within my LAN.

    You can reach it since it replies to ping commands. That means it's on the same network. As a result, the issue is almost certainly DNS related since it is not in the allowed services, unless you have an allow rule below that allows DNS outbound from your LAN/WiFi to the WAN.

  • More than likely it is using the XG as a DNS, but requires DNS over TLS to talk to the Google DNS (port 853).

    Also the settings on the local switch can affect what ports are passed or allowed, or just ignored.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.
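To see from a LAN client which of the Chromecast flows named in this thread the firewall actually passes, the following added example (not code from any poster or from Sophos) probes TCP 8008/8009 on the stick and sends one SSDP search to 239.255.255.250:1900. The DIAL search-target string is an assumption about what the device answers to, and `SAMPLE_REPLY` is a constructed reply used only to exercise the parser offline.

```python
import socket
SSDP_ADDR = ("239.255.255.250", 1900)                # multicast target named in the thread
CAST_TCP_PORTS = (8008, 8009)                        # TCP ports named in the thread
DIAL_ST = "urn:dial-multiscreen-org:service:dial:1"  # assumption: DIAL search target
# Constructed sample of a unicast SSDP reply (not captured from a real device).
SAMPLE_REPLY = (b"HTTP/1.1 200 OK\r\nLOCATION: http://192.168.2.8:8008/ssdp/device-desc.xml\r\n"
                b"ST: urn:dial-multiscreen-org:service:dial:1\r\n\r\n")

def build_msearch(st=DIAL_ST, mx=2):
    """Build the SSDP M-SEARCH datagram a casting client multicasts."""
    lines = ["M-SEARCH * HTTP/1.1", f"HOST: {SSDP_ADDR[0]}:{SSDP_ADDR[1]}",
             'MAN: "ssdp:discover"', f"MX: {mx}", f"ST: {st}", "", ""]
    return "\r\n".join(lines).encode("ascii")

def parse_ssdp_reply(data):
    """Return lower-cased headers of a 200 OK reply, or None for anything else."""
    lines = data.decode("utf-8", "replace").partition("\r\n\r\n")[0].split("\r\n")
    status = lines[0].split()
    if len(status) < 2 or not status[0].startswith("HTTP/") or status[1] != "200":
        return None
    pairs = (line.partition(":") for line in lines[1:])
    return {n.strip().lower(): v.strip() for n, sep, v in pairs if sep}

def tcp_open(host, port, timeout=2.0):  # True if the TCP handshake completes
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def discover(timeout=3.0):
    """Multicast one M-SEARCH; replies come back unicast to our ephemeral (high) UDP port."""
    found = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 1)
        try:
            s.sendto(build_msearch(), SSDP_ADDR)
            while True:
                data, (ip, _port) = s.recvfrom(4096)
                if (hdrs := parse_ssdp_reply(data)) is not None:
                    found.append((ip, hdrs))
        except OSError:  # receive timeout or send failure: stop listening
            pass
    return found

if __name__ == "__main__":
    print({p: tcp_open("192.168.2.8", p) for p in CAST_TCP_PORTS})
    print("SSDP replies from:", [ip for ip, _ in discover()])
```

An empty reply list while the TCP ports show open suggests the multicast search or the returning high-port UDP replies are being dropped rather than the TCP rule.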
