https://live.paloaltonetworks.com/t5/general-topics/multicast-with-chromecasts-confusion/m-p/286791#M76649 <P>Sorry it is over a year, but I think this is still a relevant problem.</P><P>&nbsp;</P><P>I wasn't able to get this working with the PAN FW, but a solutions (or maybe more a workaround) is to use an Avahi Reflecter.</P><P>You basically setup a VM with multiple interfaces, depending on where you want your traffic to go.</P><P>This VM basically receives the mDNS traffic and will repeat it over the other networks.&nbsp;</P><P>&nbsp;</P><P>Make sure to tighten the VM to only accept mDNS traffic, so it won't become a rogue router.</P><P>Also if you have Apple devices, make sure to turn of caching.</P><P>&nbsp;</P><P>There is a lot of information to be found about this on the Internet, i.e.:&nbsp;<A href="http://chrisreinking.com/need-bonjour-across-vlans-set-up-an-avahi-gateway/" target="_blank">http://chrisreinking.com/need-bonjour-across-vlans-set-up-an-avahi-gateway/</A></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 05 Sep 2019 17:07:03 GMT robmaas 2019-09-05T17:07:03Z https://live.paloaltonetworks.com/t5/general-topics/multicast-with-chromecasts-confusion/m-p/223212#M64162 <P>Background:</P> <P>&nbsp;</P> <P>I have a trust zone on ethernet1/2 192..168.1.0/24 and an iot zone on ehternet1/4 10.10.10.0/24 and I want to be able to cast things from endpoints (mobile phones and laptops) to the chromecasts on the iot zone.</P> <P>&nbsp;</P> <P>It seems like multicast (aka mDNS) is the trick however I am not sure I am going the right direction or if this is even possible usng the PA. I am seeing the multicast traffic and it is being allowed but the chromecasts are not showing up unless you are on the same subnet/zone as them.</P> <P>&nbsp;</P> <P>Here is my current multicast setup, hoping someone has had some luck with this and can point me in the right direction or spot the missing piece of this puzzle:</P> <P>&nbsp;</P> <P><SPAN>&nbsp;<span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="multicast1.jpg" style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/16005i0E984AAB2A510215/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="multicast1.jpg" alt="multicast1.jpg" /></span></SPAN></P> <P><SPAN>&nbsp;</SPAN></P> <P><SPAN><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="multicast2.jpg" style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/16006i9396AD2B26233620/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="multicast2.jpg" alt="multicast2.jpg" /></span></SPAN></P> <P>&nbsp;</P> <P><SPAN>Anything not pictured is just left as defaults...</SPAN></P> <P>&nbsp;</P> <P><SPAN>Security policy:</SPAN></P> <P>&nbsp;</P> <P><SPAN><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="secpol.jpg" style="width: 800px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/16007i8458DC8529004478/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="secpol.jpg" alt="secpol.jpg" /></span></SPAN></P> <P>&nbsp;</P> <P><SPAN>I am seeing traffic hit the policy,&nbsp;but I am not seeing the chromecast devices when trying to cast from a device in the trust zone. I am either missing something I am overlooking or this is not going to work but I do see some results on google seraches from people getting this to work with other network equipment (pfsense, cisco, juniper, etc)</SPAN></P> <P>&nbsp;</P> <P><SPAN>TIA!</SPAN></P> Wed, 03 Mar 2021 17:38:46 GMT https://live.paloaltonetworks.com/t5/general-topics/multicast-with-chromecasts-confusion/m-p/223212#M64162 hshawn 2021-03-03T17:38:46Z https://live.paloaltonetworks.com/t5/general-topics/multicast-with-chromecasts-confusion/m-p/286791#M76649 <P>Sorry it is over a year, but I think this is still a relevant problem.</P><P>&nbsp;</P><P>I wasn't able to get this working with the PAN FW, but a solutions (or maybe more a workaround) is to use an Avahi Reflecter.</P><P>You basically setup a VM with multiple interfaces, depending on where you want your traffic to go.</P><P>This VM basically receives the mDNS traffic and will repeat it over the other networks.&nbsp;</P><P>&nbsp;</P><P>Make sure to tighten the VM to only accept mDNS traffic, so it won't become a rogue router.</P><P>Also if you have Apple devices, make sure to turn of caching.</P><P>&nbsp;</P><P>There is a lot of information to be found about this on the Internet, i.e.:&nbsp;<A href="http://chrisreinking.com/need-bonjour-across-vlans-set-up-an-avahi-gateway/" target="_blank">http://chrisreinking.com/need-bonjour-across-vlans-set-up-an-avahi-gateway/</A></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 05 Sep 2019 17:07:03 GMT https://live.paloaltonetworks.com/t5/general-topics/multicast-with-chromecasts-confusion/m-p/286791#M76649 robmaas 2019-09-05T17:07:03Z https://live.paloaltonetworks.com/t5/general-topics/multicast-with-chromecasts-confusion/m-p/286825#M76654 <P>If mDNS is involved then the multicast group should be 224.0.0.251, destination port 5353. Another point&nbsp;<SPAN>224.0.0.0/24 is reserved for link-local</SPAN><SPAN>&nbsp;multicast (e.g OSPF multicast) and cannot be routed between subnets, hence PIM option wont work. Reflector or proxy option should work for you but l haven't done it with Palo&nbsp;</SPAN></P> Thu, 05 Sep 2019 21:01:50 GMT https://live.paloaltonetworks.com/t5/general-topics/multicast-with-chromecasts-confusion/m-p/286825#M76654 myky 2019-09-05T21:01:50Z