Multicast questions

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Multicast questions

L2 Linker

Hi,

 

I am not famliar with Multicast at all, please forgive my ignorance.

 

I need to replace Fortigate firewalls with Palo Alto devices and the Fortigates are currently running Multicast. There are no "groups" defined on the fortigate, and if I run "get router info multicast pim sparse-mode table" on the fortigate I can see many groups listed.

 

Can someone please explain the nature of groups and how they work?

 

My confusion is that there are no groups explicitly defined on the Fortigate, however, I need to explicitly define groups on the Palo Alto? Do I need to define all groups I see on the Fortigate? Do groups change dynamically or are they static once set (I'm thinking, if I define them on the PAN and they change, will the multicast break)?

 

Any help and explainations greatly appreciated.

 

Thanks,

Shannon

3 REPLIES 3

L3 Networker

I won't pretend to know the configurations in a Fortigate.  However if there are no configurations built for multicast configuration the Fortigate may have a check box for "enable multicast".  It may be configured per network / interface or it may be a global option (I would guess less likely global).

You are probably seeing these groups because it is enabled and those devices are broadcasting their request for the multicast groups.  Similar with managed switches they keep a table of the devices that have "subscribed" to the multicast groups.

 

When multicast will become important on the firewall is when you are routing it between networks (you have phones on VLAN 1 and phones on VLAN 2 but both groups hear the page that is sent from any phone, in this case your firewall is the gateway between the VLANs and must know to route that multicast traffic).

 

I know this isn't a definitive answer to your question but hopefully it will point you in the correct direction.

 

Brian

 

PS make sure to post back with the solution you found

Hi Brian,

 

Thanks for that.

 

Yes the scenario is where video streams from one vlan need to be routed to another vlan (receivers).

 

I guess I am confused as to how to identify what groups the PAN needs to be a member of to make this work.

 

Cheers,

Shannon

Shannon,

 

It looks like there are a couple of ways to configure multicast in PAN OS, doing a google search for "pan firewall multicast" brings up a multiple options.  Unfortunately I haven't played with it at all on PAN firewalls so I don't have any specific advice on it.  A support case might be helpful for some relevant documentation to your situation as well as other peoples experience here.

It may also help to describe what you are doing so people can point you in the right direction. 

 

Brian

  • 3078 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!