Intra-SSID Blocking Exception for a Chromecast?

Author
jesquivel
2019/09/17 10:36:48

Intra-SSID Blocking Exception for a Chromecast?

Hello all,
 
I'll be brief - our employee wifi has intra-SSID blocking enabled so that devices cannot speak directly to one another. This interferes with our Chromecast though; it can't connect to a device because of this setting. We don't want to turn the setting off though - is there a way we can add an exception to our firewall to allow devices to just speak to our Chromecast but no one else?
 
We have a FGT240D running 6.0.4.
 
Thanks so much,
 
Jordan
#1
jesquivel
Re: Intra-SSID Blocking Exception for a Chromecast? 2019/09/30 13:15:03
~~ SOLVED ~~
 
Fact:
Intra-SSID exceptions cannot happen, being as they happen at the L2 level and any IPv4 policy will be overridden by this.
 
Workaround:
Link to the respective KB article below, but we had to enable the following settings in CLI.
 
config system settings
set multicast-forward enable
end

config system settings
set multicast-ttl-notchange enable
end 
 
After this, we added 2 multicast policies between the Chromecast's WiFi and our WiFi (see screenshots). This allowed the broadcast packet sent by the Chromecast to spill over into the subnet we wanted.

Finally, we added an IPv4 rule allowing only traffic to and from the Chromecast's DHCP reserved address, patching any open loopholes.
 
https://help.fortinet.com/fos50hlp/52data/Content/FortiOS/fortigate-firewall-52/Multicast%20Forwarding/Enabling%20multicast%20forwarding.htm
post edited by jesquivel - 2019/09/30 14:53:51
#2