Main Menu
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
SonicWall
  • Products
      All Products A–Z
      Free Trials
    • Network Security
      • Next-Generation Firewall (NGFW)
      • Network Security Services
      • Network Security Management
      • Secure SD-WAN
    • Threat Protection
      • Advanced Threat Protection Cloud
      • Advanced Threat Protection Appliance
      • Capture Labs
    • Secure Access Service Edge (SASE)
      • Zero-Trust Network Access (ZTNA)
    • Cloud Security
      • Cloud Firewall
      • Cloud App Security
    • Endpoint Security
      • Endpoint Detection & Response (EDR)
    • Email Security
      • Cloud Email Security
      • Hosted Email Security
      • On-Prem Email Security
    • Secure Access
      • Wireless Access Points
      • Network Switch
      • Virtual Private Network (VPN)
    • Wi-Fi 6 Access Points

      SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.

      Read More
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure Wi-Fi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Events
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • English English English en
  • BLOG
  • CONTACT SALES
  • FREE TRIALS
  • English English English en
SonicWall
  • Products
      All Products A–Z
      Free Trials
    • Network Security
      • Next-Generation Firewall (NGFW)
      • Network Security Services
      • Network Security Management
      • Secure SD-WAN
    • Threat Protection
      • Advanced Threat Protection Cloud
      • Advanced Threat Protection Appliance
      • Capture Labs
    • Secure Access Service Edge (SASE)
      • Zero-Trust Network Access (ZTNA)
    • Cloud Security
      • Cloud Firewall
      • Cloud App Security
    • Endpoint Security
      • Endpoint Detection & Response (EDR)
    • Email Security
      • Cloud Email Security
      • Hosted Email Security
      • On-Prem Email Security
    • Secure Access
      • Wireless Access Points
      • Network Switch
      • Virtual Private Network (VPN)
    • Wi-Fi 6 Access Points

      SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.

      Read More
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure Wi-Fi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Events
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • Menu

Configuring Multicast DNS for Apple (Bonjour) on Gen 5 and Gen 6 SonicWall appliances

10/14/2021 78 People found this article helpful 204,209 Views

    Download
    Print
    Share
    • LinkedIn
    • Twitter
    • Facebook
    • Email
    • Copy URL The link has been copied to clipboard

    Description


    This articles covers how to configure multicast DNS (Bonjour) on Gen 5 and Gen 6 SonicWall appliances.
    Jump to a specific step by clicking the below links:
    Step 1: Enabling IP Helper & the mDNS Protocol.
    Step 2: Configuring the IP Helper Policies.
    Step 3: Configuring the Access Rules.

    Resolution

    Resolution for SonicOS 6.5

    This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

    Step 1: Enabling IP Helper & the mDNS Protocol.

    1. Log into the SonicWall Management GUI.
    2. Navigate to the Manage | Network | IP Helper page.
    3. E
    nable IP Helper by checking the "Enable IP Helper" checkbox. Click "Accept" to save the change.
    4. Enable the mDNS Protocol from the Relay Protocols list. The change will auto-apply and the page will refresh.


    Image

    Step 2: Configuring the IP Helper Policies.

    1. On the  Manage | Network | IP Helper page, find the Policies section.
    2. Click the"Add " button to add a new IP Helper Policy.

    Image

    3. Configure the WLAN to LAN IP Helper Policy. The WLAN to LAN policy allows Bonjour discovery to work from LAN clients.
    The effect: WLAN devices/systems are discovered by LAN devices/systems.

    • Policy Configuration:
      •  Protocol: mDNS
      •  From: "Interface W0" (Tip: You can replace "Interface W0" with any specific Interface.)
      •  To: "LAN Primary Subnet" or "X0 Subnet" (Tip: You can replace this with any specific Destination object. For example: X2 Subnet.)
      •  Optionally, you can add a comment to the Policy

    Image


    4. Configure the LAN to WLAN IP Helper Policy. The LAN to WLAN policy allows Bonjour discovery to work from WLAN clients.
    The effect: LAN devices/systems are discovered by WLAN devices/systems.
    Note: This is the reverse of the Policy outlined above.

    • Policy Configuration:
      • Protocol: mDNS
      • From: "Interface X0"
      • To: "W0 Subnet"
      • Optionally, you can add a comment to the Policy.

    Image

    5. Review your IP Helper Policies. The IP Helper Policies should look like this:


    Image

    Notes:

    • IP Helper Policies do not allow the discovered services to bypass access rules. Access Rules must be in place between the two Zones in order to utilize discovered services.
    • Two IP Helper policies are necessary to allow two-way discovery of services using Bonjour.
    • The WLAN to LAN Policy allows LAN clients to discover WLAN clients.
    • The LAN to WLAN Policy allows WLAN clients to discover LAN clients.


    Step 3: Configuring the Access Rules.

    1. Navigate to Rules | Access Rules.

    2. Select the "Matrix" View Style. Select the WLAN to LAN intersection.

    • Note: By default, the WLAN to LAN Access Rule table contains a single rule that denies any traffic.
    • Note: In this example, we will simply edit it to make it Allow instead of Deny. Alternatively, you can add custom rules to allow specific Services configured under Firewall | Services.
    • Tip: A list of ports used by Apple s software products  can be found here: http://support.apple.com/kb/TS1629


    Image

    3. Edit the default WLAN to LAN Deny rule. Change the Action to Allow. Click OK.

    • The screenshot above is the before image. The screenshot below is the after image.

    Image

    • Note: By default, the LAN to WLAN Access Rule table contains a single rule that allows any traffic. In this example, no change is required because the default rule is in place.
    • Tip: A list of ports used by Apple s software products can be found here: http://support.apple.com/kb/TS1629


    Resolution for SonicOS 6.2 and Below

    The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.

     Step 1: Enabling IP Helper & the mDNS Protocol.

    1. Log into the SonicWall Management GUI.
    2. Navigate to the Network | IP Helper page.
    3. Enable IP Helper by checking the "Enable IP Helper" checkbox. Click "Accept" to save the change.
    4. Enable the mDNS Protocol from the Relay Protocols list. The change will auto-apply and the page will refresh.


    Image

     Step 2: Configuring the IP Helper Policies.

    1. On the Network | IP Helper page, find the Policies section.
    2. Click the"Add " button to add a new IP Helper Policy.

    Image

    3. Configure the WLAN to LAN IP Helper Policy. The WLAN to LAN policy allows Bonjour discovery to work from LAN clients.
    The effect: WLAN devices/systems are discovered by LAN devices/systems.

    • Policy Configuration:
      •  Protocol: mDNS
      •  From: "Interface W0" (Tip: You can replace "Interface W0" with any specific Interface.)
      •  To: "LAN Primary Subnet" or "X0 Subnet" (Tip: You can replace this with any specific Destination object. For example: X2 Subnet.)
      •  Optionally, you can add a comment to the Policy

    Image


    4. Configure the LAN to WLAN IP Helper Policy. The LAN to WLAN policy allows Bonjour discovery to work from WLAN clients.
    The effect: LAN devices/systems are discovered by WLAN devices/systems.
    Note: This is the reverse of the Policy outlined above.

    • Policy Configuration:
      • Protocol: mDNS
      • From: "Interface X0"
      • To: "W0 Subnet"
      • Optionally, you can add a comment to the Policy.

    Image

    5. Review your IP Helper Policies. The IP Helper Policies should look like this:


    Image

    Notes:

    • IP Helper Policies do not allow the discovered services to bypass access rules. Access Rules must be in place between the two Zones in order to utilize discovered services.
    • Two IP Helper policies are necessary to allow two-way discovery of services using Bonjour.
    • The WLAN to LAN Policy allows LAN clients to discover WLAN clients.
    • The LAN to WLAN Policy allows WLAN clients to discover LAN clients.


     Step 3: Configuring the Access Rules.

    1. Navigate to Firewall | Access Rules.

    2. Select the "Matrix" View Style. Select the WLAN to LAN intersection.

    • Note: By default, the WLAN to LAN Access Rule table contains a single rule that denies any traffic.
    • Note: In this example, we will simply edit it to make it Allow instead of Deny. Alternatively, you can add custom rules to allow specific Services configured under Firewall | Services.
    • Tip: A list of ports used by Apple s software products  can be found here: http://support.apple.com/kb/TS1629


    Image

    3. Edit the default WLAN to LAN Deny rule. Change the Action to Allow. Click OK.

    • The screenshot above is the before image. The screenshot below is the after image.

    Image

    • Note: By default, the LAN to WLAN Access Rule table contains a single rule that allows any traffic. In this example, no change is required because the default rule is in place.
    • Alternatively, you can add custom rules to allow specific Services configured under Firewall | Services.
    • Tip: A list of ports used by Apple s software products can be found here: http://support.apple.com/kb/TS1629

    Related Articles

    • Bandwidth usage and tracking in SonicWall
    • How to force an update of the Security Services Signatures from the Firewall GUI
    • Configure Guest VLAN in the TZ firewall, for guest users to access Internet only.

    Categories

    • Firewalls > SonicWall NSA Series
    • Firewalls > SonicWall SuperMassive 9000 Series
    • Firewalls > TZ Series

    Not Finding Your Answers?

    ASK THE COMMUNITY

    Was This Article Helpful?

    YESNO

    Article Helpful Form

    Article Not Helpful Form

    Company
    • Careers
    • News
    • Leadership
    • Awards
    • Press Kit
    • Contact Us
    Popular resources
    • Communities
    • Blog
    • SonicWall Capture Labs

    Stay In Touch

    • By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time from the Preference Center.
    • This field is for validation purposes and should be left unchanged.
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
    • Instagram

    © 2023 SonicWall. All Rights Reserved.

    • Legal
    • Privacy
    • English
    Scroll to top