TIVO Updates Being Blocked
marct191
Newbie ✭
I have 2 Tivo units on my home network: Tivo Roamio and Tivo Mini. They were working fine and receiving Tivo update traffic without problem. Now that I've connected my Sonicwall 250 SOHO to my network all regular traffic works normally but now my Tivo's cannot receive any updates; the Sonicwall is blocking it but I don't know how to see the block in the Sonicwall or how to restore the Tivo network traffic updates. Can anyone offer any assistance?
Category: Entry Level Firewalls
0
Best Answers
-
CORRECT ANSWERmarct191
Newbie ✭
I narrowed it down to the Content Filter turned it off and all Tivo traffic works normally. I just have to exclude those IPs that the Tivo uses for updates. Thanks all.
0
Answers
Hi @marct191 ,
Hope you are doing good.
You can perform packet capture on sonicwall and follow the KB below :
Ether Type: IP
IP Type: TCP,UDP
Source IP address: Mention the IP address of the Tivo IP device that is facing issue
Please check for the drop codes on the packet capture under the packet details and based on drop codes that will explain what service on the firewall is causing the issue.
Thanks
Nevyaditha P
Technical Support Advisor, Premier Services
Hello @marct191,
I don't see any App control signatures for Tivo application specifically. It can either be a URL that is being blocked by CFS or a special port number used by Tivo for those updates that needs to be allowed.
The packet capture will show you the drops to narrow this down.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
We have had built in default service objects for Tivo in SonicOS for about a decade or more:
Here is a copy of the packet capture I did per NEVYADITHA's recommendation. Please let me know what this is telling me.
From what I can tell the firewall is dropping UDP packets from my Tivo's and that I don't have Multicast configured for UDP for these two units. How do I set up Multicast for these IP's 192.168.168.62 & 192.168.168.110?? You can look at the file in any text editor. Thanks.
Hello @marct191,
The packet capture that you have attached shows drops for Multicast forwarding from 192.168.168.110 and 192.168.168.62 to the Multicast address 224.0.0.251. Please use the KB below for enabling Multicast Support.
If you do not want to create specific multicast policies, you can use the option "Enable reception of all multicast addresses" under Multicast Policies.
Also, once you enable Multicast, it creates auto added access rules for destination Zone Multicast. Please make sure that all the LAN to Multicast access rules are set to allow.
If the issue is still not resolved, I would suggest contacting SonicWall support so that we can help you troubleshoot this issue in real-time.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
Hi @marct191 ,
Please follow the above steps mentioned and also ensure the access rule for the multicast traffic from LAN to Multicast is allowed .
Navigate to Rules | Access Rules.
Select the "Matrix" View Style. Select the LAN to Multicast intersection.
Edit the default LAN to Multicast Deny rule. Change the Action to Allow. Click OK.
_If the TIVO application is still not working, then probably you can capture again and check for drop codes.
Thank You!
Nevyaditha P
Technical Support Advisor, Premier Services
This is a copy of a dropped packet message:
Ethernet Header
Ether Type: IP(0x800), Src=[00:11:d9:7d:18:2f], Dst=[ff:ff:ff:ff:ff:ff]
IP Packet Header
IP Type: UDP(0x11), Src=[192.168.168.62], Dst=[192.168.168.255]
UDP Packet Header
Src=[2190], Dst=[2190], Checksum=0x4f48, Message Length=170 bytes
Application Header
Not Known:
Value:[1]
DROPPED, Drop Code: 164(Broadcast traffic not handled.), Module Id: 25(network), (Ref.Id: _9336_jcpfngDtqcfecuvRcemgv) 1:0)
How can I fix the 164 error??
Hello @marct191,
The broadcast traffic is intended for a specific network. You can see that the destination IP on that packet is 192.168.168.255. Since the firewall is an L3 device, it will not forward this broadcast traffic from one network to another. This is a legitimate drop.
This should not be the reason why the Tivo updates are failing.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
Tivo says port 2190 must be open TCP and UDP. How can I open this port?
Hi @marct191 ,
Please go to Firewall access rules from LAN to WAN and check for the access rules.
By default, all the traffic from LAN to WAN is allowed and is not blocked by the firewall.
Thanks!
Nevyaditha P
Technical Support Advisor, Premier Services
Hi @marct191 ,
As mentioned by John earlier, we already have the default Tivo services available on the firewall. You can find them under Manage | Objects | Services Objects | Service Groups tab.
Although, from LAN to WAN we have the default rule Any, Any, Any set to allow. You can create an explicit rule for Tivo as below.
Source: Any (You can also specifically select the group containing 192.168.168.110 and 192.168.168.62)
Destination: Any
Service: Tivo Services
Action: Allow
If you have customized the LAN to WAN access rules please use the arrow icon on the rule and change the priority on this rule to be 1 so that it is on the top of the list.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services