https://community.checkpoint.com/t5/Firewall-and-Security-Management/allow-Sonos-app-throught-checkpoint/m-p/162490#M28903 <P>Multicast traffic does not route.<BR />You have to set up PIM in order to relay it between the subnets and have appropriate rules in place to allow the traffic.</P> Fri, 18 Nov 2022 19:56:29 GMT PhoneBoy 2022-11-18T19:56:29Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/allow-Sonos-app-throught-checkpoint/m-p/162461#M28894 <P>Hello guys !<BR /><BR />I'm stuck with my home lab, trying to do some test with multicast throught checkpoint.<BR />I've a user vlan 4 (192.168.4.0/24) and a media vlan 6 (192.168.6.0/24).<BR /><BR />A sonos server is hosted in vlan 6 with ip 192.168.6.54.<BR />Sonos app is on vlan 4.<BR /><BR />As far i understood, sonos use SSDP over UDP/1900 to discover sonos device (see wireshark in attachment).</P> <P>&nbsp;</P> <P>I've try to configure this:<BR />set igmp interface eth2.6 version 3<BR />set igmp interface eth2.6 local-group 239.255.255.250 on<BR />set iphelper interface eth2.4 udp-port 1900 relay-to 192.168.6.54 on<BR /><BR /></P> <P>However it's not working..<BR />I got this error message in smartconsole (see screenshot)<BR /><BR /></P> <P>Do you have some input to help me to address this issue ?</P> <P>&nbsp;</P> <P>Thanks,<BR />Arthur</P> <P>&nbsp;</P> Fri, 18 Nov 2022 16:02:05 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/allow-Sonos-app-throught-checkpoint/m-p/162461#M28894 Arthur_DENIS1 2022-11-18T16:02:05Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/allow-Sonos-app-throught-checkpoint/m-p/162490#M28903 <P>Multicast traffic does not route.<BR />You have to set up PIM in order to relay it between the subnets and have appropriate rules in place to allow the traffic.</P> Fri, 18 Nov 2022 19:56:29 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/allow-Sonos-app-throught-checkpoint/m-p/162490#M28903 PhoneBoy 2022-11-18T19:56:29Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/allow-Sonos-app-throught-checkpoint/m-p/162545#M28916 <P>huuum ok. Never play with PIM...&nbsp;<BR /><BR />If I setup PIM i got this:<BR />"IP multicast routing failed (too many packets received before route was resolved)"... Not really better <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span></P> <P><BR />I do another test - If I put my sonos app in the same subnet of server, i got the attached capture.<BR />(sonos app=&nbsp;<SPAN>192.168.6.56 - server=&nbsp;192.168.6.54)<BR />1/ 192.168.6.56 -&gt; 239.255.255.250 - SSDP<BR /></SPAN><SPAN>2/ 192.168.6.56 -&gt; 235.255.255.255 - SSDP<BR /></SPAN><SPAN>3/ <SPAN>192.168.6.54 -&gt;&nbsp;192.168.6.56 - UDP<BR /></SPAN>Here discover is done<BR />4/ then TCP connection between both host</SPAN></P> <P>&nbsp;</P> <P><SPAN>So indeed, seems definitively an issue with multicast/PIM.<BR /></SPAN></P> Sat, 19 Nov 2022 15:08:01 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/allow-Sonos-app-throught-checkpoint/m-p/162545#M28916 Arthur_DENIS1 2022-11-19T15:08:01Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/allow-Sonos-app-throught-checkpoint/m-p/162552#M28918 <P>Will admit, I’ve never tried PIM with Sonus.<BR />I know I’ve done it with Bonjour (Apple-specific protocol) in the past.</P> Sat, 19 Nov 2022 20:42:28 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/allow-Sonos-app-throught-checkpoint/m-p/162552#M28918 PhoneBoy 2022-11-19T20:42:28Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/allow-Sonos-app-throught-checkpoint/m-p/162673#M28943 <P>No prob, thanks anyways for your input !<BR /><BR />If someone else have an idea or already try this, would be very appreciated</P> Mon, 21 Nov 2022 16:38:25 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/allow-Sonos-app-throught-checkpoint/m-p/162673#M28943 Arthur_DENIS1 2022-11-21T16:38:25Z