How to Block Multicast in VWire Mode

Created On 09/25/18 17:58 PM - Last Modified 06/13/23 13:42 PM


Resolution


By default, a Palo Alto Networks firewall will not block multicast traffic when configured in VWire Mode. To block multicast packets:

  • Configure a VWire with multicast firewalling enabled


  • Configure the ports to use for the VWire and the zones


  • Configure the policies to allow viewing the VWire traffic and to block the unwanted multicast. The block policy needs to be above the allow policy. The allow policy lets the administrator view the multicast traffic.


  • Connect the ports to the VWire: connect the port from the switch to one port, and connect the port on the Palo Alto Networks to the other side of the VWire
  • Commit the changes and confirm that multicast is blocked by looking at the traffic logs
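
The rule-order requirement and the final log check above can be modelled offline. The following is an added example, not part of the original article or any Palo Alto Networks tooling: the rule names, the simplified destination-only matching, and the CSV log columns are assumptions made for illustration, and the log rows are constructed.

```python
import csv
import io
import ipaddress

MULTICAST_V4 = ipaddress.ip_network("224.0.0.0/4")  # IPv4 multicast range

# Constructed rulebase in top-down evaluation order (hypothetical names).
# Simplification: rules match on destination only, not zones or applications.
RULES = [
    {"name": "block-multicast", "dst": "224.0.0.0/4", "action": "deny"},
    {"name": "allow-vwire", "dst": "0.0.0.0/0", "action": "allow"},
]

# Constructed traffic-log export; the last row simulates a multicast leak.
SAMPLE_LOG = """dst,action,rule
239.255.255.250,deny,block-multicast
224.0.0.251,deny,block-multicast
10.1.1.20,allow,allow-vwire
224.0.0.5,allow,allow-vwire
"""

def first_match(rules, dst_ip):
    """Return the first rule whose destination covers dst_ip, else None."""
    ip = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if ip in ipaddress.ip_network(rule["dst"]):
            return rule
    return None

def shadowed_rules(rules):
    """Names of rules that never match because an earlier rule covers them."""
    shadowed = []
    for i, rule in enumerate(rules):
        net = ipaddress.ip_network(rule["dst"])
        if any(net.subnet_of(ipaddress.ip_network(r["dst"])) for r in rules[:i]):
            shadowed.append(rule["name"])
    return shadowed

def leaked_multicast(log_text):
    """Return (dst, rule) for every multicast log entry that was not denied."""
    leaks = []
    for row in csv.DictReader(io.StringIO(log_text)):
        dst = ipaddress.ip_address(row["dst"])
        if dst in MULTICAST_V4 and row["action"] != "deny":
            leaks.append((row["dst"], row["rule"]))
    return leaks
```

With the block rule first, shadowed_rules(RULES) is empty; reversing the order reports block-multicast as shadowed, which is why the block policy must sit above the allow policy.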


 

owner: nayubi


