Multicast forwarding and FortiGate units
To configure the FortiGate-800 unit
1. Configure the internal and external interfaces.
Internal
Go to System > Network > Interfaces. Select the internal interface.
Verify the following settings:
Type: Physical Interface
Addressing mode: Manual
IP/Network Mask: 10.31.138.253 255.255.255.0
Administrative Access: PING
Select OK.
External
Go to System > Network > Interfaces. Select the external interface.
Verify the following settings:
Type: Physical Interface
Addressing mode: Manual
IP/Network Mask: 10.31.130.253 255.255.255.0
Administrative Access: HTTPS and PING
Select OK.
2. Add firewall addresses.
Go to Policy & Objects > Objects > Addresses.
RP
Select Create New.
Use the following settings:
Category: Address
Name: RP
Type: Subnet
Subnet/IP Range: 169.254.100.1/32
Interface: Any
Visibility: <enabled>
Select OK.
Multicast source subnet
Select Create New.
Use the following settings:
Category: Address
Name: multicast_source_subnet
Type: Subnet
Subnet/IP Range: 169.254.82.0/24
Interface: Any
Visibility: <enabled>
Select OK.
3. Add destination multicast address
Go to Policy & Objects > Objects > Addresses.
Select Create New.
Use the following settings:
Category: Multicast Address
Name: Multicast_stream
Type: Broadcast Subnet
Broadcast Subnet: 233.254.200.0/24
Interface: Any
Visibility: <enabled>
Select OK.
4. Add standard security policies to allow traffic to reach the RP.
Go to Policy & Objects > Policy > IPv4.
1st policy
Select Create New.
Use the following settings:
Incoming Interface: internal
Source Address: all
Outgoing Interface: external
Destination Address: RP
Schedule: always
Service: ALL
Action: ACCEPT
Select OK.
2nd policy
Select Create New.
Use the following settings:
Incoming Interface: external
Source Address: RP
Outgoing Interface: internal
Destination Address: all
Schedule: always
Service: ALL
Action: ACCEPT
Select OK.
5. Add the multicast security policy.
Go to Policy & Objects > Policy > Multicast. Select Create New.
Use the following settings:
Incoming Interface: external
Source Address: multicast_source_subnet
Outgoing Interface: internal
Destination Address: multicast_stream
Protocol: Any
Action: ACCEPT
Select OK.
6. Add an access list. (CLI only)
config router access-list
    edit Source-RP
        config rule
            edit 1
                set prefix 233.254.200.0 255.255.255.0
                set exact-match disable
            next
        end
    next
end
7. Add some static routes.
Go to Router > Static > Static Routes.
Route 1
Select Create New.
Use the following settings:
Destination IP/Mask: 0.0.0.0/0.0.0.0
Device: internal
Gateway: 10.31.130.250
Distance: <default>
Priority: <default>
Select OK.
Route 2
Select Create New.
Use the following settings:
Destination IP/Mask: 169.254.0.0/16
Device: external
Gateway: 10.31.138.250
Distance: <default>
Priority: <default>
Select OK.
8. Configure multicast routing.
Go to Router > Dynamic > Multicast.
Add the following Static Rendezvous Point(s):
- 169.254.100.1
Route 1
Select Create New.
Use the following settings:
Interface: internal
PIM Mode: Sparse Mode
DR Priority: <not needed in this scenario>
RP Candidate: <not needed in this scenario>
RP Candidate Priority: <not needed in this scenario>
Select OK.
Route 2
Select Create New.
Use the following settings:
Interface: external
PIM Mode: Sparse Mode
DR Priority:
RP Candidate:
RP Candidate Priority:
Select OK.
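A pre-deployment consistency check over the addresses used in steps 1 to 8, as an added example that is not part of the original guide: it tests that each static-route gateway is on-link for the device the route names, that the access list and the multicast address object cover the same multicast range, and that the unicast routes towards the RP and the source subnet leave through the multicast policy's incoming interface. The function names, the data layout, and the idea that the access list should match the group range are assumptions of this sketch.

```python
import ipaddress as ip

# Values transcribed from the steps above (netmasks written as prefix lengths).
INTERFACES = {"internal": "10.31.138.253/24", "external": "10.31.130.253/24"}
STATIC_ROUTES = [  # (destination, device, gateway)
    ("0.0.0.0/0", "internal", "10.31.130.250"),
    ("169.254.0.0/16", "external", "10.31.138.250"),
]
RP = "169.254.100.1"
SOURCE_SUBNET = "169.254.82.0/24"   # multicast_source_subnet
GROUP_RANGE = "233.254.200.0/24"    # destination multicast address object
ACL_PREFIX = "233.254.200.0/24"     # access list Source-RP, rule 1
MCAST_IN = "external"               # incoming interface of the multicast policy


def egress_device(addr, routes):
    """Longest-prefix match: device of the most specific route covering addr."""
    hits = [(ip.ip_network(dest).prefixlen, dev) for dest, dev, _ in routes
            if ip.ip_address(addr) in ip.ip_network(dest)]
    return max(hits)[1] if hits else None


def audit(interfaces, routes, rp, source_subnet, group_range, acl_prefix, mcast_in):
    """Return a list of human-readable inconsistencies (empty list = consistent)."""
    findings = []
    nets = {name: ip.ip_interface(a).network for name, a in interfaces.items()}
    # 1. A next hop must be reachable directly on the interface the route names.
    for dest, dev, gw in routes:
        if ip.ip_address(gw) not in nets[dev]:
            findings.append(f"route {dest}: gateway {gw} is not on-link for {dev} ({nets[dev]})")
    # 2. The group range must be multicast space and match the access list (assumed intent).
    if not ip.ip_network(group_range).is_multicast:
        findings.append(f"{group_range} is not a multicast range")
    if ip.ip_network(acl_prefix) != ip.ip_network(group_range):
        findings.append(f"access list {acl_prefix} differs from group range {group_range}")
    # 3. Unicast routes to the RP and to the sources should leave through the
    #    interface on which the multicast policy expects the stream (RPF).
    for label, addr in (("RP", rp), ("source subnet", source_subnet.split("/")[0])):
        dev = egress_device(addr, routes)
        if dev != mcast_in:
            findings.append(f"{label} {addr} routes via {dev}, not {mcast_in}")
    return findings


if __name__ == "__main__":
    for line in audit(INTERFACES, STATIC_ROUTES, RP, SOURCE_SUBNET,
                      GROUP_RANGE, ACL_PREFIX, MCAST_IN):
        print("FINDING:", line)
```

Run against the values as listed, the check reports both static routes, because each gateway lies in the other interface's subnet; confirm the device and gateway pairing against your own topology before applying the routes.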