In order to allow Spotify, you need to exclude it from Authentication and open some additional ports.
Spotify will not connect for network users as it doesn't support NTLM authentication.
Although the Spotify domain is part of the Audio and Video standard category, you need to create a separate custom category containing just Spotify "stuff" for this to work.
- Create a new category in Guardian » Policy objects » Categories called Spotify.
- Add the following to Domain/URL filtering:
- Who Add the users or groups you wish it to apply to, or select Everyone
- What Spotify (which you have just created)
- Where Add the locations you wish it to apply to, or Everywhere
- When Add the times you wish it to apply at, or Always
- Action Whitelist
1935to an accept rule on your firewall, along with common port groups.