
SEP firewall rule(s) for iTunes AirPlay/Home Sharing

Created: 03 Mar 2013 • Updated: 06 Mar 2013 | 14 comments
Vova_NetWiz
This issue has been solved.

Having a hard time properly configuring firewall rules, in SEP 12.1.2, to allow iTunes AirPlay streaming through Apple TV (on the same network, obviously). Help with specific rule settings would be greatly appreciated. Thanks to all. Here are the details:

iTunes (either 10.7 or 11.0.2) would not connect to Apple TV unless NTP is disabled. Created an app rule for iTunes.exe to allow all traffic, both ways, on all hosts and protocols. Alternatively, tried creating 2 rules based on this: http://www.symantec.com/docs/TECH155340. Not sure I did it correctly, though. Also checked this doc, but didn't notice anything specific: http://support.apple.com/kb/TS1629.

In either instance, the problem is the initial connection to Apple TV, which will not occur unless NTP is disabled and iTunes is re-started. Once the connection is completed, and iTunes is streaming to Apple TV, NTP can be re-enabled and streaming continues without any problems - for about an hour, then NTP has to be disabled again and iTunes re-started.

Here's a screenshot of SEP's Network Activity monitor while it's streaming problem-free (...148 is the PC, ...161 is Apple TV):

Thanks again for any assistance in resolving.


Brɨan

Can you post the Traffic log from the client? Some other connection attempt is not being allowed, which is causing the problem.

I'm unable to click on the screenshot. It won't expand.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Vova_NetWiz

Not sure if I set it properly (the screenshot properties). Hope this works and helps. Thanks.

Brɨan

Can you post the traffic log from the client? I think there is still something being missed, perhaps a connection to something else other than from iTunes.


Vova_NetWiz

The attached spreadsheet has 2 tabs. One for the traffic and one for the sys management log. I opened iTunes at 2 p.m. with all protections enabled in SEP and it would NOT sync with Apple TV. You'll note in the logs when I turned various protections off for testing. At 2:13 - after iTunes synced with Apple TV - I turned the firewall back on. Please keep in mind that after about an hour of successful streaming the sync is blocked and the process of re-setting the firewall needs to be repeated in order to re-sync.

FYI... Apple TV's MAC address is 7C:D1:C3:05:F9:08, and its LAN IP address is .161.

Attachment: 2013-03-05 SEP Logs.xlsx (165.39 KB)

Vikram Kumar-SAV to SEP

Is this client managed or unmanaged?

In the Traffic log, what do you see as blocked?

Also, is it the firewall blocking it or IPS? Can you try removing IPS only, to check if it works?

Vikram Kumar

Symantec Consultant

The most helpful part of entire Symantec connect is the Search button..do use it.

Vova_NetWiz

The client is unmanaged. The attached doc contains screenshots of the NTP configs. Please see the other thread for additional info on the traffic & management logs. Please advise further. Thank you.

Attachment: 2013-03-05 SEP NTP Configs.docx (165.05 KB)

Brɨan

Create a rule to allow MAC 7C-D1-C3-05-F9-08 to use UDP over port 5353. Move it above the Block_all rule.


Vova_NetWiz

I knew this was an option, Brian. But I didn't want to use it because the goal was to allow iTunes streaming to ANY AirPlay enabled device (whether Apple TV or other) in any location.

Vikram Kumar-SAV to SEP

I see a lot of block events on "block all other traffic" which match the list of ports by Apple:

UDP 1900, UDP 5353 and ICMP 3

Create a rule to allow the above ports.


Brɨan

UPnP uses UDP port 1900 but I believe a default rule in SEP is to block it from non private IP addresses.

I believe UDP 5353 being blocked is the issue.


Vikram Kumar-SAV to SEP

The article posted has a doc by Apple, http://support.apple.com/kb/TS1629, which says it uses 1900 and 5353.


Brɨan

Not good, considering how vulnerable it has been found to be just recently.


Vova_NetWiz

OK guys, here's the latest... I had created an "allow all" rule for iTunes.exe prior to starting this post. It did not suffice. After our chatter exchange, I created 2 rules for ports UDP 5353 and TCP 3689 and disabled the previously created iTunes rule. All seems to be well now.

Ironically enough, prior to creating this post, I created the port rules pursuant to the TECH155340 article and it DIDN'T work, prompting me to create this post. I guess we'll chalk this one up to poltergeist ;-)

Thanks for your help Brian & Vikram.

SOLUTION
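To show how the narrow per-port rules that resolved this thread can be derived from the client's own traffic log (rather than falling back to an "allow all" rule for iTunes.exe), here is an added triage script, not code from the thread or from Symantec. It reads a few constructed SEP-style block events (the column layout is an assumption for this example, not SEP's real export format), matches blocked flows against the Apple service ports named above (UDP 5353, TCP 3689, UDP 1900), and reports which allow rules would have covered them.

```python
"""Triage constructed SEP-style traffic log lines: which blocked flows hit the
Apple AirPlay/Home Sharing ports discussed in the thread, and which narrow
allow rules would cover them. Log layout below is constructed for this example."""
from collections import Counter

# Ports named in the thread; the service labels are assumed for readability.
APPLE_PORTS = {
    ("UDP", 5353): "mDNS/Bonjour discovery",
    ("TCP", 3689): "DAAP (iTunes Home Sharing)",
    ("UDP", 1900): "SSDP/UPnP",
}

# Constructed sample: time,action,rule,proto,local_ip,local_port,remote_ip,remote_port
SAMPLE_LOG = """\
14:00:05,Blocked,Block all other traffic,UDP,192.168.1.148,5353,224.0.0.251,5353
14:00:05,Blocked,Block all other traffic,UDP,192.168.1.148,5353,192.168.1.161,5353
14:00:06,Blocked,Block all other traffic,TCP,192.168.1.148,49211,192.168.1.161,3689
14:00:07,Allowed,Allow iTunes.exe,TCP,192.168.1.148,49212,192.168.1.161,7000
14:00:08,Blocked,Block all other traffic,UDP,192.168.1.148,60001,239.255.255.250,1900
14:00:09,Blocked,Block all other traffic,TCP,192.168.1.148,49213,17.253.1.1,443
"""

def parse_line(line):
    """Split one constructed log line into a dict of typed fields."""
    f = line.strip().split(",")
    return {"time": f[0], "action": f[1], "rule": f[2], "proto": f[3],
            "local": (f[4], int(f[5])), "remote": (f[6], int(f[7]))}

def blocked_apple_flows(log_text):
    """Return (proto, port, peer, service) for each blocked entry whose
    local or remote port is one of the Apple service ports."""
    hits = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e["action"] != "Blocked":
            continue
        for port in (e["local"][1], e["remote"][1]):
            key = (e["proto"], port)
            if key in APPLE_PORTS:
                hits.append((e["proto"], port, e["remote"][0], APPLE_PORTS[key]))
                break  # count each event once even if both ends match
    return hits

def missing_allow_rules(log_text):
    """Count blocked events per (proto, port): the allow rules worth adding."""
    return Counter((p, port) for p, port, _, _ in blocked_apple_flows(log_text))

if __name__ == "__main__":
    for proto, port, peer, svc in blocked_apple_flows(SAMPLE_LOG):
        print(f"blocked {proto}/{port} to {peer}: {svc}")
    for (proto, port), n in missing_allow_rules(SAMPLE_LOG).items():
        print(f"suggest allow rule: {proto} {port} ({n} blocked event(s))")
```

Unrelated blocks (the TCP 443 flow in the sample) are deliberately left out of the suggestions, so the resulting rule set stays limited to the ports the streaming actually needs.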
Brɨan

Glad it is working.
