11-25-2019 01:25 AM
Hi all,
i'm finally converting an old Juniper ScreenOS firewall to a PaloAlto firewall (5020). I have some problem to understand how to convert some Multicast static Routes.
On screen os i have this specific entry for ex:
GUI:
Type: Static, Forwarding
Source IP: 192.168.100.126
Mgroup: 239.0.0.2
Incoming Interface: eth3/6.3
Outgoing interface: eth3/6.2
cli:
set mroute mgroup 239.0.0.2 source 192.168.100.126 iif ethernet3/6.3 oif ethernet3/6.2
Multicast policy:
Source:12
Destination: empty
Messages: IGMP
Bidirectional: yes
set access-list 12
set access-list 12 permit ip 239.0.0.2/32 10
set access-list 12 permit ip 239.0.0.3/32 20
Can you help me how to configure this on PaloAlto?
Thnxxx a lot
Gianpiero
03-31-2022 08:24 AM
Recently we faced a similar scenario where multicast routes need to be converted to Palo Alto format. For Juniper ScreenOS firewall to a PaloAlto firewall (5200) series conversion.
Only relevant article we could find:
Here is cli o/p:
set mroute multiple-iif-enable
set mroute mgroup 200.X.X.X source 0.0.0.0 iif aggregate2 oif aggregate1
Can Palo Alto please reply?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
