This is a question that should be asked in the Ubiquiti community. I feel you will get better answers there than here.

Sonos does not seem to specify this….

https://support.sonos.com/article/using-sonos-with-a-managed-switch

Since you mention Unifi, would this help? https://github.com/IngmarStein/unifi-sonos-doc

​@ber0604 Here’s an answer that may or may not be accurate… It’s AI but it looks like it makes sense. Please do say whether or not this helps as AI is not a great resource just yet!:

To control your Sonos system from the “home” VLAN, you’ll need to allow certain ports and multicast traffic from home → multimedia.

At minimum, allow:

• UDP 5353 (mDNS)
• UDP 1900 (SSDP)
• TCP 1400, 1443, 3400
• UDP 6969, 10293, 10294

Also, make sure multicast traffic (especially mDNS and SSDP) can cross VLANs — enabling the mDNS repeater on your UDM SE will help with this.

You generally don’t need to allow traffic from multimedia → home, unless you hit a specific issue.

Enabling mDNS and IGMP snooping will help, but as far as access rights, those links don’t explain how its done. 

This is a video that can help with the explanation:

Just move the devices you want to run the apps onto the same VLAN as your Sonos gear - they are much more of a security risk than your Sonos devices anyway.