Google Chromecast has left a wake of positive and negative thoughts recently. This 35 dollar TV streaming device offers quite a bit of functionality to your TV. If you are like myself and have a firewall at home you will need to create some rules. Google require their Chromecast to access their DNS and NTP servers. This post includes the ASA configuration – this done on an ASA 5515-X. When I get around to booting up the SRX, I will post up a configuration.

access-list ACL-INSIDE extended permit udp object-group OBJ-CHROMECAST any eq ntp
access-list ACL-INSIDE extended permit udp object-group OBJ-CHROMECAST object-group DNS-CHROMECAST eq domain

Simple enough access-lists. Now for the objects which they reference.

object-group network DNS-CHROMECAST
network-object host

object-group network OBJ-CHROMECAST
network-object host

There you have it. A nice easily configuration for the Chromecast. It is a little bit of a shame that Australians need to use Google DNS servers. Australia is geographically located a little distance away from Google’s DNS servers. It is necessarily not the best due to latency and your own ISP may be much more responsive.

Enjoy your Chromecast behind your ASA Firewall – SRX people stay tuned!

8 thoughts on “Cisco ASA and Google Chromecast

  1. I’m not so sure that Australia is that far from a Google DNS server. I’m only 35 ms from one, which would imply that they have anycasted it to a server in Sydney.

    1. Yeah – I agree. You can look at the analytics google pull from general website stats and think they aren’t using that as it is. Without a doubt they will be harvesting Chromecast data if they make it mandatory for use. Makes you wonder what information is passing through to the overlords as it is. 35 dollars is a cheap entry point for targeted marketing!

Leave a Reply

Your email address will not be published. Required fields are marked *