cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

mDNS (Apple Bounjour) between two VLANs through a PA

Announcements

Changes to the LIVEcommunity experience are coming soon... Here's what you need to know.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
myrdin
L2 Linker
‎09-13-2016 10:39 PM
‎09-13-2016 10:39 PM

mDNS (Apple Bounjour) between two VLANs through a PA

Hi,

 

this is the scenario:

 

- a PA with two physical L3 interfaces (1 zone per interface, 1 subnet per interface, we call them A and B).

- I have a device in Subnet A which is an Airport thing with a printer attached. Devices in Subnet A they can discover the printer via the Apple Bonjour service

- Devices in Subnet B cannot discover the printer in subnet A

- Traffic from/to these two subnets is completely allowed, no restrictions whatsover, and no NAT.

- Both subnets and devices have the PA interface as default gateway

- i am running 7.1

 

What i did:

 

- in network-router, i edited the existing virtual router, went to "Multicast" and enabled Multicast. - 

- RP Static, RP Interface is the Subnet A interface, RP Address the Subnet A interface address

- Group list: 224.0.0.0/4

- Remote Rendevous point: empty

Interfaces: Subnet A interface, Subnet B Interface IGMP/PIM enabled

- added policy from Subnet A zone and Subnet B zone to "Multicast" zone all allowed

- and committed

 

Still from Subnet B i cannot see the airport via the multicast Bonjour service. Ideas?

 

thanks heaps

 

1 person had this problem.
0 Likes
Reply
RFalconer
L3 Networker
‎09-15-2016 09:27 AM
‎09-15-2016 09:27 AM

By default, Bounjour only works in a single broadcast domain so it won't traverse the firewall.

To get Bonjour to work across subnets, you need to use wide area Bonjour by creating specific DNS entries. 

0 Likes
Reply
myrdin
L2 Linker
‎09-20-2016 02:29 AM
‎09-20-2016 02:29 AM

thanks RFalconer. 

 

after a lot more reading, i found out that Bonjour sets ttl=1 by default so crossing a router, although possible, will decrease ttl to 0 and the packet it is discarded. This is by design.

 

Multicast routing although possible, it will not serve this purpose hence it won't work.

 

The only way to handle this is to use a bonjour gateway which is a feature some vendors offer, like Aruba or Cisco Meraki. 

 

 

Reply
REganEVO
L1 Bithead
‎05-24-2019 06:05 PM
‎05-24-2019 06:05 PM

How can this be accomplished? Can you forward local mDNS queries (224.0.0.251) to something routable (224.0.1.251)? Is that what you're suggesting to cross zones?

0 Likes
Reply
jdanjuma
L1 Bithead
‎08-27-2020 12:54 PM
‎08-27-2020 12:54 PM

If you are reading this in 2020, support for Bonjour has been added to PAN-OS version 10.0.1.

0 Likes
Reply
Ricky_Wang
L0 Member
‎09-01-2020 10:34 PM
‎09-01-2020 10:34 PM

When will PAN-OS 10.0.1 be released? 

0 Likes
Reply
jdanjuma
L1 Bithead
‎09-02-2020 11:24 AM
‎09-02-2020 11:24 AM

Mid-September is the estimated target.

0 Likes
Reply
Ricky_Wang
L0 Member
‎09-03-2020 08:53 PM
‎09-03-2020 08:53 PM

10.0.1 just landed, however this feature is only supported on PA-220, PA-800 and PA-3200...  It is not supported on PA-VM.

0 Likes
Reply
fb-pan
L2 Linker
‎09-13-2020 02:46 AM
‎09-13-2020 02:46 AM

I did some testing on a PA 220. It works well so far.

0 Likes
Reply
JerzyKolysz
L1 Bithead
‎09-14-2020 06:59 AM
‎09-14-2020 06:59 AM

Can You give some instructions please ? Is there any official paper ? 

0 Likes
Reply
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

Latest Blogs
Latest Posts
Privacy Policy Terms of Use
Copyright 2007 - 2021 - Palo Alto Networks