This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

mDNS (Apple Bounjour) between two VLANs through a PA

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

mDNS (Apple Bounjour) between two VLANs through a PA

myrdin
L2 Linker

‎09-13-2016 10:39 PM - edited ‎09-13-2016 10:41 PM

Hi,

 

this is the scenario:

 

- a PA with two physical L3 interfaces (1 zone per interface, 1 subnet per interface, we call them A and B).

- I have a device in Subnet A which is an Airport thing with a printer attached. Devices in Subnet A they can discover the printer via the Apple Bonjour service

- Devices in Subnet B cannot discover the printer in subnet A

- Traffic from/to these two subnets is completely allowed, no restrictions whatsover, and no NAT.

- Both subnets and devices have the PA interface as default gateway

- i am running 7.1

 

What i did:

 

- in network-router, i edited the existing virtual router, went to "Multicast" and enabled Multicast. - 

- RP Static, RP Interface is the Subnet A interface, RP Address the Subnet A interface address

- Group list: 224.0.0.0/4

- Remote Rendevous point: empty

Interfaces: Subnet A interface, Subnet B Interface IGMP/PIM enabled

- added policy from Subnet A zone and Subnet B zone to "Multicast" zone all allowed

- and committed

 

Still from Subnet B i cannot see the airport via the multicast Bonjour service. Ideas?

 

thanks heaps

 

1 person had this problem.
0 Likes Likes
20 REPLIES 20

RFalconer
L3 Networker

‎09-15-2016 09:27 AM

By default, Bounjour only works in a single broadcast domain so it won't traverse the firewall.

To get Bonjour to work across subnets, you need to use wide area Bonjour by creating specific DNS entries. 

0 Likes Likes

myrdin
L2 Linker
In response to RFalconer

‎09-20-2016 02:29 AM

thanks RFalconer. 

 

after a lot more reading, i found out that Bonjour sets ttl=1 by default so crossing a router, although possible, will decrease ttl to 0 and the packet it is discarded. This is by design.

 

Multicast routing although possible, it will not serve this purpose hence it won't work.

 

The only way to handle this is to use a bonjour gateway which is a feature some vendors offer, like Aruba or Cisco Meraki. 

 

 

REganEVO
L1 Bithead
In response to RFalconer

‎05-24-2019 06:05 PM

How can this be accomplished? Can you forward local mDNS queries (224.0.0.251) to something routable (224.0.1.251)? Is that what you're suggesting to cross zones?

0 Likes Likes

jdanjuma
L1 Bithead

‎08-27-2020 12:54 PM - edited ‎08-27-2020 12:55 PM

If you are reading this in 2020, support for Bonjour has been added to PAN-OS version 10.0.1.

0 Likes Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks