07-22-2018 08:16 PM - last edited on 03-03-2021 09:38 AM by jennaqualls
Background:
I have a trust zone on ethernet1/2 192.168.1.0/24 and an iot zone on ethernet1/4 10.10.10.0/24, and I want to be able to cast things from endpoints (mobile phones and laptops) to the chromecasts on the iot zone.
It seems like multicast (aka mDNS) is the trick; however, I am not sure I am going in the right direction or if this is even possible using the PA. I am seeing the multicast traffic and it is being allowed, but the chromecasts are not showing up unless you are on the same subnet/zone as them.
Here is my current multicast setup, hoping someone has had some luck with this and can point me in the right direction or spot the missing piece of this puzzle:
Anything not pictured is just left as defaults...
Security policy:
I am seeing traffic hit the policy, but I am not seeing the chromecast devices when trying to cast from a device in the trust zone. I am either missing something I am overlooking or this is not going to work, but I do see some results on google searches from people getting this to work with other network equipment (pfsense, cisco, juniper, etc).
TIA!
09-05-2019 10:07 AM
Sorry it is over a year, but I think this is still a relevant problem.
I wasn't able to get this working with the PAN FW, but a solution (or maybe more a workaround) is to use an Avahi Reflector.
You basically set up a VM with multiple interfaces, depending on where you want your traffic to go.
This VM basically receives the mDNS traffic and will repeat it over the other networks.
Make sure to tighten the VM to only accept mDNS traffic, so it won't become a rogue router.
Also, if you have Apple devices, make sure to turn off caching.
There is a lot of information to be found about this on the Internet, i.e.: http://chrisreinking.com/need-bonjour-across-vlans-set-up-an-avahi-gateway/
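The reflector VM described above, written out as an added example (not from the original post or the Avahi project): an avahi-daemon.conf that only reflects between the two legs, an nftables ruleset that accepts nothing but mDNS (plus IGMP and SSH from trust) and drops all forwarding, and a sysctl that keeps IP forwarding off. Interface names eth0/eth1 are assumptions; the subnets are the ones from the question.

```shell
#!/bin/sh
# Added example, not from the original thread: generate the configuration
# for a hardened Avahi reflector VM with one NIC in each zone (eth0/eth1
# and the subnets are assumptions taken from the question).
set -eu
TRUST_IF="${TRUST_IF:-eth0}"   # assumed NIC on 192.168.1.0/24 (trust)
IOT_IF="${IOT_IF:-eth1}"       # assumed NIC on 10.10.10.0/24 (iot)
# avahi-daemon.conf: reflect between exactly these two interfaces and
# publish nothing of the VM's own, so it is a repeater, not a host.
avahi_conf() {
    cat <<EOF
[server]
use-ipv4=yes
use-ipv6=no
allow-interfaces=${TRUST_IF},${IOT_IF}
[publish]
disable-publishing=yes
[reflector]
enable-reflector=yes
EOF
}

# nftables: accept only mDNS (UDP 5353 to 224.0.0.251) on the two legs,
# IGMP so the switches keep delivering the group, and SSH from trust;
# the forward chain drops everything so the VM cannot act as a router.
nft_conf() {
    cat <<EOF
flush ruleset
table inet mdns_only {
    chain input {
        type filter hook input priority 0; policy drop;
        iif lo accept
        ip protocol igmp accept
        iifname { "${TRUST_IF}", "${IOT_IF}" } ip daddr 224.0.0.251 udp dport 5353 accept
        iifname "${TRUST_IF}" ip saddr 192.168.1.0/24 tcp dport 22 accept
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
    }
}
EOF
}
# Write both files plus a sysctl drop-in under DEST (DEST=/ on the VM itself).
write_configs() {
    dest="$1"
    mkdir -p "$dest/etc/avahi" "$dest/etc/sysctl.d"
    avahi_conf > "$dest/etc/avahi/avahi-daemon.conf"
    nft_conf > "$dest/etc/nftables.conf"
    echo "net.ipv4.ip_forward = 0" > "$dest/etc/sysctl.d/99-no-forward.conf"
}
```

Run `write_configs /` on the VM, then `nft -f /etc/nftables.conf`, `sysctl --system` and restart avahi-daemon; a second stack on the VM answering 5353 would still be outside this ruleset's control, so keep the VM single-purpose.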
09-05-2019 02:01 PM
If mDNS is involved then the multicast group should be 224.0.0.251, destination port 5353. Another point: 224.0.0.0/24 is reserved for link-local multicast (e.g. OSPF multicast) and cannot be routed between subnets, hence the PIM option won't work. The reflector or proxy option should work for you, but I haven't done it with Palo.