apple - macbook - airplay - appletv - firewall port findings
12-14-2012 12:15 PM
Just in case some one else may share a similar experience.
Controller software version 188.8.131.52 - trying to setup firewall policy to allow ipad, iphone, macbook, and appletv to share photo's, music, videos, and presentations in a customer conference room on a single SSID and single vlan. initial policy was set to only allow http(s), dns, and dhcp.
Apples documentation for typical ports, airplay ports, ect., did not work, and only assisted in getting the 'option' to share to an appletv to finally show up on devices.
Other post mentioned ipv6 and qos struff that did not seem to apply to us.
After working with Aruba support (Sreejith Mankiavil - was incredibly helpful), we were able to obtain a list of ports that were being used, but not listed in the apple docs...Not that I could find.
Sreejith showed me an incredibly helpful command to identify attempted, and failed, port utilization.
show datapath session table <clientIPaddress>
After that, we were quickly able to find the ports needed to do what we needed. Sreejith provided port recommendations, but I did go back and test one at a time until I got something I felt would be ok...maybe?
The ports that were missing from Apple docs (that i found) were 5000 > 7000 > 7001 > 7100 > 7010 > 7011.
The firewall policy we put together to get the Apple macbook, iphone, and ipad to work together using AirPlay, and AppleTV, on a local network included the addition of the following permits:
LocalAlias > 184.108.40.206 > tcp > port - 5353 (mdns - apple BS)
LocalAlias > 220.127.116.11 > udp > port - 5353
LocalAlias > LocalAlias > tcp > port - 5000 (seen with music)
LocalAlias > LocalAlias > tcp > port - 7001 (seen with video)
LocalAlias > LocalAlias > tcp > port - 7000 (seen with picture/file)
LocalAlias > LocalAlias > tcp > port - 7100 (seen with display-mirroring)
LocalAlias > LocalAlias > udp > port - 7010 (seen with display-mirroring)
LocalAlias > LocalAlias > udp > port - 7011 (seen with display-mirroring)
LocalAlias > LocalAlias > tcp > port - 3689 (don't remember needing it, but added it for iTunes music sharing)
LocalAlias > LocalAlias > tcp > port - 49152-65535 (dynamic ports) (!!!-REALLY...LOL...I know, right...but it works)
LocalAlias > LocalAlias > udp > port - 49152-65535 (dynamic ports) (Still LOL...)
any > any > tcp > port - 123 (so appletv can get time)
any > any > udp > port - 123 (so appletv can get time)
Have no idea if this will help any one, but I just know I would love to have found this at the begining of the week.