So this took me a few hours to diagnose and solve. Leaving this here for others:
On Sophos XG 18 MR3, Spotify Connect does not work from desktop players if you have any sort of web filtering enabled. So if you've enabled either policy filtering or AV scanning -- even if they do not block anything -- the desktop player will list the streamer as an available device, but be unable to connect.
This is both on macOS and on Windows. It does *not* occur on iOS so again this is from desktop players, not from mobile players.
Meanwhile the log viewer does not report any dropped or rejected traffic, applications or content. I am fairly certain that this is because at least part of the traffic is multicasted.
This is in DPI mode, with both the desktop player and network streamer on the same VLAN, connected over Wi-Fi on the same access point without any isolation between the stations. Also no endpoint firewalling getting in the way on the desktop or streamer.
To work around this you need to add a separate rule or exceptions for both the following networks and FQDN hosts:
- spotify.com
- *.spotify.com [you might scope this to *.ap.spotify.com -- have not tried]
- 78.31.8.0/21
- 193.182.8.0/21
- 194.68.28.0/22
- 193.235.32.115/24
- 193.235.203.178/24
- 193.235.206.102/24
On the following ports:
- 80/tcp
- 443/tcp
- 4070/tcp
- 5353/udp
This only concerns web filtering, IPS is not affected.
Hope this is of help to someone.
This thread was automatically locked due to age.
