Sonos Speakers over firewall

I have a firewall that separates my wired LAN subnet where my SmartThings Hub is connected and my Sonos speakers which sit on the WiFi subnet.

I was able to successfully forward broadcast and multicast traffic through the firewall (FortiGate) by changing configuration settings. I confirmed this by running a tcpdump on a Linux device which I have on the wired network. I confirmed that I see SSDP packets (UDP 1900) coming into that device via the broadcast address (255.255.255.255). I did a full packet trace and see the XML file indicating the HTTP URL to connect to the Sonos speaker.

When I try to add ‘things’ from my SmartThings app, nothing is discovered. The logs on my hub say ‘In ssdpDiscover’ followed by ‘No devices to add, verified devices: [:]’

I turned logging on my firewall and also ran a network trace on the wired subnet of the firewall interface. All packets from SmartThings are being accepted and forwarded but the only traffic I see from SmartThings is UDP traffic to the Sonos IP on port 9. The packet reaches the Sonos device but it just responds with ‘port 9 is unreachable’.

Long story short, it looks like everything is being forwarded properly – I really think this should work. Anyone have more info on how SmartThings goes about its discovery process?

SmartThings requires that local network devices be on the same subnet as the ST hub. (I believe this is due to using direct MAC/ARP addressing rather than using routing tables.)
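
An added example, not part of the original thread and not SmartThings code: a small Python check that parses an SSDP datagram taken from a packet capture and reports whether the address advertised in its LOCATION header lies inside the hub's subnet, which is the condition the reply above describes. The sample datagram, the addresses and the function names are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample: an SSDP NOTIFY payload as it might appear in a capture
# on the wired side after the firewall forwards it. Addresses are made up.
SAMPLE_NOTIFY = (
    b"NOTIFY * HTTP/1.1\r\n"
    b"HOST: 239.255.255.250:1900\r\n"
    b"CACHE-CONTROL: max-age=1800\r\n"
    b"LOCATION: http://192.168.2.50:1400/xml/device_description.xml\r\n"
    b"NT: urn:schemas-upnp-org:device:ZonePlayer:1\r\n"
    b"NTS: ssdp:alive\r\n"
    b"\r\n"
)

def parse_ssdp(payload: bytes) -> dict:
    """Return the start line and headers (names upper-cased) of an SSDP datagram."""
    lines = payload.decode("utf-8", errors="replace").split("\r\n")
    msg = {"START": lines[0].strip()}
    for line in lines[1:]:
        if not line.strip():          # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:                       # skip malformed lines without a colon
            msg[name.strip().upper()] = value.strip()
    return msg

def location_reachability(payload: bytes, hub_subnet: str) -> dict:
    """Compare the device address advertised in LOCATION with the hub's subnet."""
    location = parse_ssdp(payload).get("LOCATION")
    if not location:
        return {"location": None, "device_ip": None, "same_subnet": None}
    host = urlsplit(location).hostname or ""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:                # LOCATION used a hostname, not a literal IP
        return {"location": location, "device_ip": None, "same_subnet": None}
    net = ipaddress.ip_network(hub_subnet, strict=False)
    return {"location": location, "device_ip": str(ip), "same_subnet": ip in net}

if __name__ == "__main__":
    # Hub subnet is an assumed value; substitute the wired LAN's real prefix.
    print(location_reachability(SAMPLE_NOTIFY, "192.168.1.0/24"))
```

A `same_subnet` value of `False` means the announcement crossed the firewall but points at a host the hub would have to reach through a router.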