Multicast addresses

Multicast addresses

Multicast addressing defines a specific range of address values set aside for them. Therefore all IPv4 multicast addresses should be between and

More information on the concepts behind Multicast addressing can be found in the Multicast Forwarding section.

Multicast IP range

This type of address will allow multicast broadcasts to a specified range of addresses.

Creating a multicast IP range address

  1. Go to Policy & Objects > Addresses.
  2. Select Create New.

l If you use the down arrow next to Create New, select Address.

  1. Choose the Category, Multicast Address
  2. Input a Name for the address object.
  3. Select the Type,Multicast IP Range from the drop-down menu.
  4. Enter the value for the Multicast IP Range
  5. Select the Interface from the drop-down menu.
  6. Enable the Show in Address List function
  7. Input any additional information in the Comments
  8. Press

Example: Multicast IP range address

The company has a large high tech campus that has monitors in many of its meeting rooms. It is common practice for company wide notifications of importance to be done in a streaming video format with the CEO of the company addressing everyone at once.

The video is High Definition quality so takes up a lot of bandwidth. To minimize the impact on the network the network administrators have set things up to allow the use of multicasting to the monitors for these notifications. Now it has to be set up on the FortiGate firewall to allow the traffic.

l The range being used for the multicast is to l The interface on this FortiGate firewall will be on port 9

  1. Go to Policy & Objects> Objects > Addresses and select Create New > Address.
  2. Fill out the fields with the following information
Category Multicast Address
Name Meeting_Room_Displays
Type Multicast IP Range
Multicast IP Range
Interface port9
Show in Address List <enable>
Comments <Input into this field is optional>
  1. Select
  2. Enter the following CLI command:

config firewall multicast-address edit “meeting_room_display” set type multicastrange set associated-interface “port9” set start-ip set end-ip set visibility enable



To verify that the address range was added correctly:

  1. Go to Policy & Objects> Objects > Addresses. Check that the addresses have been added to the address list and that they are correct.
  2. Enter the following CLI command:

config firewall multicast-address


edit <the name of the address that you wish to verify> Show full-configuration

Broadcast subnet

This type of address will allow multicast broadcast to every node on a subnet.

  1. Go to Policy & Objects > Addresses.
  2. Select Create New. A drop down menu is displayed. Select Address.
  3. In theCategory field, choseMulticast Address.
  4. Input a Name for the address object.
  5. In the Type field, select Broadcast Subnetfrom the drop down menu.
  6. In the Broadcast Subnet field enter the address and subnet mask according to the format x.x.x.x/x.x.x.x or the short hand format of x.x.x.x/x.(Remember, it needs to be within the appropriate IP range to
  7. In the Interface field, leave as the default any or select a specific interface from the drop down menu.
  8. Select the desired on/off toggle setting for Show in Address List. If the setting is enabled the address will appear in drop down menus where it is an option.
  9. Input any additional information in the Comments
  10. Press OK.


Field Value
Category Broadcast Subnet
Name Corpnet-B
Type Broadcast Subnet
Broadcast Subnet
Interface any
Show in Address List [on]
Comments Corporate Network devices – Broadcast Group B

Multicast IP addresses

Multicast uses the Class D address space. The to IP address range is reserved for multicast groups. The multicast address range applies to multicast groups, not to the originators of multicast packets. The following table lists the reserved multicast address ranges and describes what they are reserved for:

Reserved Multicast address ranges


Address Range

Use Notes to

Used for network protocols on local networks. For more information, see RFC 1700. In this range, packets are not forwarded by the router but remain on the local network. They have a Time to Live (TTL) of 1. These addresses are used for communicating routing information. to

Global addresses used for multicasting data between organizations and across the Internet. For more information, see RFC 1700. Some of these addresses are reserved, for example, is used for Network Time Protocol (NTP). to

Limited scope addresses used for local groups and organizations. For more information, see RFC 2365. Routers are configured with filters to prevent multicasts to these addresses from leaving the local system.

Creating multicast security policies requires multicast firewall addresses. You can add multicast firewall addresses by going to Firewall Objects > Address > Addresses and selecting Create New > Multicast

Address. The factory default configuration includes multicast addresses for Bonjour (, EIGRP (, OSPF (, all_hosts (, and all_routers (

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Don't Forget To visit the YouTube Channel for the latest Fortinet Training Videos and Question / Answer sessions!
- FortinetGuru YouTube Channel
- FortiSwitch Training Videos

Cybersecurity Videos and Training Available Via: Office of The CISO Security Training Videos