Hello all,
I'll be brief - our employee wifi has intra-SSID blocking enabled so that devices cannot speak directly to one another. This interferes with our Chromecast though; it can't connect to a device because of this setting. We don't want to turn the setting off though - is there a way we can add an exception to our firewall to allow devices to just speak to our Chromecast but no one else?
We have a FGT240D running 6.0.4.
Thanks so much,
Jordan
~~ SOLVED ~~
Fact:
Intra-SSID exceptions cannot happen, being as they happen at the L2 level and any IPv4 policy will be overridden by this.
Workaround:
Link to the respective KB article below, but we had to enable the following settings in CLI.
    config system settings
        set multicast-forward enable
    end

    config system settings
        set multicast-ttl-notchange enable
    end

After this, we added 2 multicast policies between the Chromecast's WiFi and our WiFi (see screenshots). This allowed the broadcast packet sent by the Chromecast to spill over into the subnet we wanted.

Finally, we added an IPv4 rule allowing only traffic to and from the chromecast's DHCP reserved address, patching any open loopholes.
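
The screenshots of the policies are not included above, so here is an added sketch of what the two multicast policies and the IPv4 rule could look like in FortiOS CLI. It is not part of the original post. The interface names, object names, policy IDs and the 192.0.2.50 address are constructed placeholders, and scoping the multicast policies to the mDNS and SSDP discovery groups is an assumption about what the Chromecast needs rather than something the post states.

```fortios
# Added example with constructed values: "emp-wifi" / "cast-wifi" are placeholder
# SSID interfaces, 192.0.2.50 stands in for the Chromecast's DHCP-reserved address.
config firewall address
    edit "chromecast"
        set subnet 192.0.2.50 255.255.255.255
    next
end
config firewall multicast-address
    edit "cast-mdns"
        set start-ip 224.0.0.251
        set end-ip 224.0.0.251
    next
    edit "cast-ssdp"
        set start-ip 239.255.255.250
        set end-ip 239.255.255.250
    next
end
# One multicast policy per direction, limited to the two discovery groups.
config firewall multicast-policy
    edit 1
        set srcintf "emp-wifi"
        set dstintf "cast-wifi"
        set srcaddr "all"
        set dstaddr "cast-mdns" "cast-ssdp"
        set action accept
    next
    edit 2
        set srcintf "cast-wifi"
        set dstintf "emp-wifi"
        set srcaddr "chromecast"
        set dstaddr "cast-mdns" "cast-ssdp"
        set action accept
    next
end
# Unicast: employees may reach only the Chromecast's reserved address.
config firewall policy
    edit 0
        set name "emp-to-chromecast"
        set srcintf "emp-wifi"
        set dstintf "cast-wifi"
        set srcaddr "all"
        set dstaddr "chromecast"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

Intra-SSID blocking stays enabled on the employee SSID in this layout, and nothing else on the Chromecast's network is reachable from it because no other unicast policy is defined between the two interfaces.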