jesquivel
New Contributor

Intra-SSID Blocking Exception for a Chromecast?

Hello all,

 

I'll be brief - our employee wifi has intra-SSID blocking enabled so that devices cannot speak directly to one another. This interferes with our Chromecast though; it can't connect to a device because of this setting. We don't want to turn the setting off though - is there a way we can add an exception to our firewall to allow devices to just speak to our Chromecast but no one else?

 

We have a FGT240D running 6.0.4.

 

Thanks so much,

 

Jordan

jesquivel
New Contributor

~~ SOLVED ~~

 

Fact:

Intra-SSID exceptions cannot happen, being as they happen at the L2 level and any IPv4 policy will be overridden by this.

 

Workaround:

Link to the respective KB article below, but we had to enable the following settings in CLI.

 

config system settings
    set multicast-forward enable
    set multicast-ttl-notchange enable
end

 

After this, we added 2 multicast policies between the Chromecast's WiFi and our WiFi (see screenshots). This allowed the broadcast packet sent by the Chromecast to spill over into the subnet we wanted.

Finally, we added an IPv4 rule allowing only traffic to and from the Chromecast's DHCP reserved address, patching any open loopholes.

 

https://help.fortinet.com/fos50hlp/52data/Content/FortiOS/fortigate-firewall-52/Multicast%20Forwardi...
