In this article, we will take a closer look at:
"How to get the Sonos App and Spotify Connect working if you are using a Zyxel Product?"
This article will help You to setup Your Sonos Speakers in Your Zyxel environment and get Spotify Connect up and running.
Table of Content
1) Introduction
2) Configure Stand-alone Firewall
2.3 Configure IGMP on WAN/LAN Interface
3) Configure Stand-alone Switch
4) Configure Nebula Firewall
4.3 Configure IGMP Upsteam & Downstream
5) Configure Nebula Switch
1) Introduction
This article can be used to activate Spotify Connect for Multiroom and Home Speaker Systems of other Brands too.
For Example:
- Bose
- Yamaha
- etc ...
Just simply ignore the steps that are needed for the Sonos System.
We are assuming that the Topology looks like this:
- The Sonos is either a wired or wireless Client in the Network.
- The Content Filter is active on the Zywall/USG/ATP
- We are using a Zyxel Switch and Access Point
Let's start setting it Up!
2) Configure Stand-alone Firewall
2.1 Configure Content Filter
Please make sure that you disable the Function:
Drop Connection when HTTPS connection with SSL v3 or previous version
This needs to be done because Spotify Connect still uses SSL v3 for Secure communication.
Configuration -> Security Service -> Content Filter
Now we go to the Content Filter Profile for our Network:
Go To: Custom Service
Click on "Enable Custom Service" and add the following URL to the Trusted Web Sites:
Settings related to Sonos only:
*.sonos.com
Settings related to Spotify Connect only:
*.spotify.com
2.2 Configure Firewall Rules
Now we need to Setup two Firewall rules to allow IGMP and Multicast from the WAN.
First, we need to create an address Object for the IGMP Range:
Configuration -> Object -> Address/Geo IP -> Address
-> "Add"
Name: IGMP_Range
Address Type: RANGE
Starting IP Address: 224.0.0.0
End IP Address: 239.255.255.255
-> "OK"
224.0.0.0-239.255.255.255
Now we set up our Rules:
Configuration -> Security Policy -> Policy Control
-> "Add"
-> "Enable"
Name: IGMP_to_ATP
From: WAN
To: ZyWALL
IPv4 Source: any
IPv4 Destination: any
Service: Multicast
-> "OK"
---------------------------------------------------------
-> "Add"
-> "Enable"
Name: IGMP_to_LAN
From: WAN
To: YOUR LAN NETWORK
IPv4 Source: any
IPv4 Destination: IGMP_RANGE
-> "OK"
2.3 Configure IGMP on WAN/LAN Interface
Configuration -> Network -> Interfaces -> Ethernet
For the WAN Interface, activate IGMP Upstream:
For the LAN Interface, activate IGMP Downstream:
3) Configure Stand-alone Switch
Please follow our Guides on RSTP and IGMP Snooping:
How to configure RSTP (Rapid-Spanning-Tree-Protocol) in a ring topology
How to configure IGMP Snooping for multicast clients in the same LAN
4) Configure Nebula Firewall
4.1 Configure Content filter
If you have Content Filter enabled, navigate to "Site-Wide -> Configure -> Firewall -> Security Service" and please untick the "drop connection where there is an HTTPS connection with SSL v3 version". This is because Spotify Connect is still using SSL v3.
Then edit the content filter profile and allow
*sonos.com
*spotify.com
4.2 Configure Firewall Rules
Create a new firewall rule that allows anything coming to the device on the multicast protocol number "2"
As well as another firewall rule that allows anything coming to the multicast-range 224.0.0.0-239.255.255.255 on the multicast protocol number "2".
4.3 Configure IGMP Upsteam & Downstream
Navigate to "Site-wide -> Configure -> Firewall -> Interface", click edit on your WAN interface and scroll down to "IGMP proxy". Then tick that box as well as choose the IGMP upstream.
Edit your LAN or VLAN interface and scroll down to enable IGMP proxy and choose IGMP Downstream here.
5) Configure Nebula Switch
In order for the Multicast to Work properly we need also to set up the Spanning Tree and IGMP Snooping.
5.1 Configure RSTP
Switch -> Switch configuration
If not already active, click on the on/off Switch for RSTP
5.2 Configure IGMP
Switch -> Advanced IGMP
Because we only have one Switch we choose that it will be in the "Querier Role".
Now we are all set and good to go!