Staff
April 24, 2015
Technical Tip: Forwarding multicast traffic in NAT mode
| Description | This article describes how to configure multicast traffic forwarding on a FortiGate. Multicast enables the efficient delivery of data to multiple recipients simultaneously using a single transmission stream. Multicast is commonly used in applications such as real-time video/audio streaming and IPTV. This feature allows forwarding multicast streams statically between the FortiGate interfaces from the multicast routers and sources to the multicast receivers; however, it is not intended for routing multicast traffic using dynamic multicast routing protocols. Note: Enabling both multicast forwarding and multicast routing simultaneously on the same device or VDOM is not recommended. Multicast forwarding treats the traffic statically, while routing uses dynamic protocol decisions such as reverse path forwarding (RPF) checks. |
| Scope | FortiGate allows multicast flow from a multicast router or source at port2 to a multicast receiver at port1. |
| Solution | Step 1: Enable multicast forwarding.

By default, multicast forwarding is enabled on FortiGate devices, and the multicast-forward setting must be used to enable or disable it. Enable multicast forwarding from the CLI using the following commands:

    config system settings
        set multicast-forward enable
    end

Prevent the TTL for forwarded packets from being changed. To preserve TTL values for forwarded multicast packets, use the multicast-ttl-notchange option. Enable it only if packets expire prematurely before reaching the multicast router.

    config system settings
        set multicast-ttl-notchange enable
    end

Step 2: Configure the multicast policy.

In a multicast policy, the source interface refers to the interface where the multicast receiver (such as an IPTV box) is located, while the destination interface is where the multicast router or source resides. The multicast group(s) are selected in the destination field.

From the GUI: Navigate to Policy & Objects -> Multicast Policy -> Create New. Select the source and destination interfaces with the source and destination IP addresses.

Note: If the Multicast tab is not visible, navigate to System -> Feature Visibility and enable Multicast Policy.

From the CLI:

    config firewall multicast-policy
        edit 1
            set srcintf port1
            set dstintf port2
            set srcaddr all
            set dstaddr all
        next
    end

Note:
|
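An added example, not part of the original article and not Fortinet tooling: a short Python check that reads a FortiGate configuration backup and flags two conditions this article touches on, a multicast policy whose source or destination address is left at `all`, and multicast forwarding enabled alongside multicast routing. The sample configuration is constructed, and the `config router multicast` / `multicast-routing` key names are an assumption, since the article does not show them.

```python
import re

# Constructed sample of a FortiGate configuration backup (not from a real device).
SAMPLE = '''
config system settings
    set multicast-forward enable
end
config router multicast
    set multicast-routing enable
end
config firewall multicast-policy
    edit 1
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "all"
    next
end
'''

def parse_settings(text):
    """Map (section, entry id, key) -> values per 'set' line; tolerates stray quotes."""
    settings, stack = {}, []  # stack items: [section name, current edit id]
    for raw in text.splitlines():
        tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', raw)]
        if not tok:
            continue
        if tok[0] == "config":
            stack.append([" ".join(tok[1:]), None])
        elif tok[0] == "end" and stack:
            stack.pop()
        elif tok[0] in ("edit", "next") and stack:
            stack[-1][1] = tok[1] if len(tok) > 1 else None
        elif tok[0] == "set" and stack and len(tok) > 1:
            settings[(stack[-1][0], stack[-1][1], tok[1])] = tok[2:]
    return settings

def audit_multicast(text):
    """Return findings for the multicast settings this article covers."""
    s, out = parse_settings(text), []
    # Forwarding defaults to enabled per the article; 'router multicast' keys are an assumption.
    forwarding = s.get(("system settings", None, "multicast-forward"), ["enable"]) == ["enable"]
    if forwarding and s.get(("router multicast", None, "multicast-routing")) == ["enable"]:
        out.append("multicast-forward and multicast-routing are both enabled")
    for (section, entry, key), values in s.items():
        if section == "firewall multicast-policy" and key in ("srcaddr", "dstaddr") and "all" in values:
            out.append(f"multicast-policy {entry}: {key} is 'all'")
    return out
```

Call `audit_multicast()` with the text of a configuration backup; an empty list means none of these conditions were found.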

