Sonos system can't update. Is this a firewall issue?

Dear all,

this is my first post. After searching around I haven’t been able to resolve my issue.

With turris omnia my Sonos system will not be able to update. I believe this never worked and my previous solution was to connect a different router with same ssid. The update worked then.

I am suspecting that this is a firewall issue.
I found this sonos faq article:
It says that port 4444 tcp is required for System updates.

I have added this to the fire wall setup:
Sonos update: Any tcp - From any host in wan with source port 4444 To any router IP at port 4444 on this device - Accept input.
This did not help.

I am not very familiar with the firewall setup. I did not change many things from the system setup.
Can anybody help me?



You would need something like that only if the Sonos servers need to contact your Sonos system without it first contacting them.

What you’ve set up would allow any host on the internet to contact your router on port 4444. That’s all. The router wont forward that traffic anywhere inside your network. Unless the Sonos system is running on your router, this wont do anything. It may not do anything anyway unless the Sonos system on your router is set to listen to the WAN interface. If that’s the case, there’s no need for a firewall rule.

If you think the Sonos servers need to contact your Sonos system directly you can forward port 4444 from WAN to the IP of your Sonos system.

Thanks for the reply.


If you think the Sonos servers need to contact your Sonos system directly you can forward port 4444 from WAN to the IP of your Sonos system.

I tried to set this up but sonos will still not update:
IPv4-tcp From any host in wan Via any router IP at port 4444 IP, port 4444 in lan

Wouldn’t I need to set it up in the other direction as well, hence the sonos system trying to connect the servers?

This isn‘t necessary. The docs you mentioned are a bit misleading… Your Sonos system needs access to the sonos update servers on port 4444, not the other way around. This should be possible by default because forwarding from lan to wan zone is enabled by default, there are no blocked ports by default. I have a sonos system myself and updates work fine without any manual configuration.

If you didn’t do any major changes to your network settings (changed firewall zone forwarding, added some special firewall rules or changed some network interfaces) I think you don‘t have an issue with your firewall.

Did you try to change DNS settings (In (Re-)Foris)? Maybe the dns records of the sonos servers don‘t get resolved…

Is there any error message given by your sonos system when you start the update?

EDIT: The firewall rules you created open ports on your LAN/your router to the public. You should remove them…

Thanks for the explanation I have deactivated the settings.

I have dns forwarding activated in Foris. I deactivated this as a test but nothing changed.

I am still getting this error message:

This points to this error Error 1101 when updating Sonos | Sonos

I have searched a little bit more and I have no a different suspect.

In front of my Omnia I have a cable router which has also dhcp / dns activated. I remember that I e.g. on some devices I had to specify the dns server and Sonos doesn’t let you change the settings for dns.

If this is the issue: Is there any way to work around this? I’d like to keep dhcp / dns activated on the cable router for practical reasons.

do you have adblock or something similar installed?

You mean on the router? Or local browser? I was trying to update from a windows machine but I am getting the same error on the ios app.

Did you change network/firewall zones though? Are all your devices in the same zone/subnet as the Sonos? Looks like a DNS issue but it would be hard to understand that all devices work except the Sonos…

I do have sonos behind a turris omnia and update was working for me, i think i had to factory reset the sonks once when update got stuck