Google Chromecast has left a wake of positive and negative thoughts recently. This 35 dollar TV streaming device offers quite a bit of functionality to your TV. If you are like myself and have a firewall at home you will need to create some rules. Google require their Chromecast to access their DNS and NTP servers. This post includes the ASA configuration – this done on an ASA 5515-X. When I get around to booting up the SRX, I will post up a configuration.
access-list ACL-INSIDE extended permit udp object-group OBJ-CHROMECAST any eq ntp access-list ACL-INSIDE extended permit udp object-group OBJ-CHROMECAST object-group DNS-CHROMECAST eq domain
Simple enough access-lists. Now for the objects which they reference.
object-group network DNS-CHROMECAST network-object host 220.127.116.11 object-group network OBJ-CHROMECAST network-object host 192.168.1.200
There you have it. A nice easily configuration for the Chromecast. It is a little bit of a shame that Australians need to use Google DNS servers. Australia is geographically located a little distance away from Google’s DNS servers. It is necessarily not the best due to latency and your own ISP may be much more responsive.
Enjoy your Chromecast behind your ASA Firewall – SRX people stay tuned!