Multicast forwarding and FortiGate units

To configure the FortiGate-800 unit

1. Configure the internal and external interfaces.

Internal

Go to System > Network > Interfaces. Select the internal interface.

Verify the following settings:

Type: Physical Interface
Addressing mode: Manual
IP/Network Mask: 10.31.138.253 255.255.255.0
Administrative Access: PING

Select OK.

External

Go to System > Network > Interfaces. Select the external interface.

Verify the following settings:

Type: Physical Interface
Addressing mode: Manual
IP/Network Mask: 10.31.130.253 255.255.255.0
Administrative Access: HTTPS and PING

Select OK.

2. Add firewall addresses.

Go to Policy & Objects > Objects > Addresses.

RP

Select Create New.

Use the following settings:

Category: Address
Name: RP
Type: Subnet
Subnet/IP Range: 169.254.100.1/32
Interface: Any
Visibility: <enabled>

Select OK.

Multicast source subnet

Select Create New.

Use the following settings:

Category: Address
Name: multicast_source_subnet
Type: Subnet
Subnet/IP Range: 169.254.82.0/24
Interface: Any
Visibility: <enabled>

Select OK.

3. Add destination multicast address.

Go to Policy & Objects > Objects > Addresses.

Select Create New.

Use the following settings:

Category: Multicast Address
Name: Multicast_stream
Type: Broadcast Subnet
Broadcast Subnet: 233.254.200.0/24
Interface: Any
Visibility: <enabled>

Select OK.

4. Add standard security policies to allow traffic to reach the RP.

Go to Policy & Objects > Policy > IPv4.

1st policy

Select Create New.

Use the following settings:

Incoming Interface: internal
Source Address: all
Outgoing Interface: external
Destination Address: RP
Schedule: always
Service: ALL
Action: ACCEPT

Select OK.

2nd policy

Select Create New.

Use the following settings:

Incoming Interface: external
Source Address: RP
Outgoing Interface: internal
Destination Address: all
Schedule: always
Service: ALL
Action: ACCEPT

Select OK.

5. Add the multicast security policy.

Go to Policy & Objects > Policy > Multicast. Select Create New.

Use the following settings:

Incoming Interface: external
Source Address: multicast_source_subnet
Outgoing Interface: internal
Destination Address: Multicast_stream
Protocol: Any
Action: ACCEPT

Select OK.

6. Add an access list. (CLI only)

config router access-list
    edit Source-RP
        config rule
            edit 1
                set prefix 233.254.200.0 255.255.255.0
                set exact-match disable
            next
        end
    next
end

7. Add some static routes.

Go to Router > Static > Static Routes.

  • Route 1

Select Create New.

Use the following settings:

Destination IP/Mask: 0.0.0.0/0.0.0.0
Device: internal
Gateway: 10.31.130.250
Distance: <default>
Priority: <default>

Select OK.

  • Route 2

Select Create New.

Use the following settings:

Destination IP/Mask: 169.254.0.0/16
Device: external
Gateway: 10.31.138.250
Distance: <default>
Priority: <default>

Select OK.

8. Configure multicast routing.

Go to Router > Dynamic > Multicast.

Add the following Static Rendezvous Point(s):

  • 169.254.100.1

Route 1

Select Create New.

Use the following settings:

Interface: internal
PIM Mode: Sparse Mode
DR Priority: <not needed in this scenario>
RP Candidate: <not needed in this scenario>
RP Candidate Priority: <not needed in this scenario>

Select OK.

Route 2

Select Create New.

Use the following settings:

Interface: external
PIM Mode: Sparse Mode
DR Priority:
RP Candidate:
RP Candidate Priority:

Select OK.
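A consistency check over the values entered in steps 1 to 8, as an added example that is not part of the handbook or of FortiOS: it tests that each static-route gateway lies in the subnet of its device interface, that the RP and multicast sources resolve (longest-prefix match) to the multicast policy's incoming interface, that the access-list prefix covers the multicast group range, and that no IPv4 policy combines Service ALL with an "all" address. The finding codes and function names are assumptions made for this example.

```python
import ipaddress as ip

# Values transcribed from the procedure above.
INTERFACES = {"internal": ip.ip_interface("10.31.138.253/24"),
              "external": ip.ip_interface("10.31.130.253/24")}
ROUTES = [  # (name, destination, device, gateway)
    ("Route 1", ip.ip_network("0.0.0.0/0"), "internal", ip.ip_address("10.31.130.250")),
    ("Route 2", ip.ip_network("169.254.0.0/16"), "external", ip.ip_address("10.31.138.250")),
]
POLICIES = [  # (name, source, destination, service)
    ("1st policy", "all", "RP", "ALL"),
    ("2nd policy", "RP", "all", "ALL"),
]
RP = ip.ip_network("169.254.100.1/32")
MCAST_SRC = ip.ip_network("169.254.82.0/24")               # multicast_source_subnet
MCAST_DST = ip.ip_network("233.254.200.0/24")              # Multicast_stream
ACL_PREFIX = ip.ip_network("233.254.200.0/255.255.255.0")  # Source-RP rule 1
MCAST_IN = "external"  # incoming interface of the multicast policy


def best_route(target):
    """Longest-prefix match of a network against the static routes."""
    hits = [r for r in ROUTES if target.subnet_of(r[1])]
    return max(hits, key=lambda r: r[1].prefixlen, default=None)


def audit():
    """Return (finding code, subject) pairs; the codes are hypothetical labels."""
    findings = []
    for name, _dst, dev, gw in ROUTES:
        if gw not in INTERFACES[dev].network:
            findings.append(("gateway-off-link", name))
    # PIM uses the unicast table for RPF, so the RP and the sources must
    # resolve to the interface the multicast policy expects traffic on.
    for label, target in (("RP", RP), ("multicast_source_subnet", MCAST_SRC)):
        route = best_route(target)
        if route is None or route[2] != MCAST_IN:
            findings.append(("rpf-interface-mismatch", label))
    if not (MCAST_DST.is_multicast and MCAST_DST.subnet_of(ACL_PREFIX)):
        findings.append(("group-range-mismatch", "Multicast_stream"))
    for name, src, dst, svc in POLICIES:
        if svc == "ALL" and "all" in (src, dst):
            findings.append(("broad-policy", name))
    return findings


if __name__ == "__main__":
    for code, subject in audit():
        print(f"{code}: {subject}")
```

With the values as printed on this page, the check reports both static-route gateways as outside the subnet of their device interface and both IPv4 policies as broad; the RPF and group-range checks pass.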



This entry was posted in Fortinet GURU, FortiOS 5.4 Handbook.

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
