Description
Multicast forwarding is used to forward multicast packets between multicast routers and receivers, enabling efficient distribution of data to multiple recipients simultaneously. Applications and services that involve real-time streaming, multimedia content delivery, audio/video conferencing, IPTV, online gaming, and content distribution networks (CDNs) often rely on multicast forwarding to distribute data efficiently to multiple recipients. This article explains how to forward multicast traffic on a FortiGate device.
Note: Enabling both Multicast Forwarding and Routing simultaneously on the same device or VDOM is not recommended. In the case of multicast traffic, Multicast Forwarding should be enabled when the FortiGate is operating in NAT mode and the objective is to forward multicast packets between multicast routers and receivers. However, it is not advisable to enable Multicast Forwarding when the FortiGate itself is functioning as a multicast router or participating in a routing protocol that utilizes multicast.
Scope
FortiOS.
Solution
This example assumes that multicast traffic needs to be allowed from port1 to port2.
Procedure
Step 1:
Enabling multicast forwarding
By default, multicast forwarding is enabled on FortiGate devices. The multicast-forward setting is used to enable or disable it.
Enable multicast forwarding from the CLI using the following commands:
config system settings
set multicast-forward enable
end
Prevent the TTL for forwarded packets from being changed
To preserve TTL values for forwarded multicast packets, use the multicast-ttl-notchange option. Enable it only if packets expire prematurely before reaching the multicast router.
config system settings
set multicast-ttl-notchange enable
end
Step 2:
Configure multicast policy for source and destination.
This multicast policy only applies to the source interface port1 and the destination interface port2.
From GUI:
Navigate to Policy & Objects -> Multicast -> Create New. Select the source and destination interfaces and the source and destination IP addresses.
Note: If the Multicast tab is not visible, navigate to System -> Config -> Features and enable Multicast policy to make it appear in the GUI.
From CLI:
config firewall multicast-policy
edit 1
set srcintf port1
set dstintf port2
set srcaddr all
set dstaddr all
next
end
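Added example (not part of the original article and not Fortinet code): a short Python check that reads a configuration backup excerpt and reports the two settings from this procedure that deserve review, namely multicast-ttl-notchange being enabled and a multicast policy that leaves both srcaddr and dstaddr at all while forwarding is on. The sample configuration is constructed, the function names are hypothetical, and a single-VDOM layout is assumed.

```python
# Constructed sample in the style of a FortiGate config backup (single VDOM assumed).
SAMPLE_CONFIG = """\
config system settings
    set multicast-forward enable
    set multicast-ttl-notchange enable
end
config firewall multicast-policy
    edit 1
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "all"
        set dstaddr "all"
    next
end
"""

def parse_sections(text):
    """Return {section: {entry id or None: {key: value}}} for top-level blocks."""
    sections, section, entry, depth = {}, None, None, 0
    for line in text.splitlines():
        words = line.split()
        kw = words[0] if words else ""
        if kw == "config":
            depth += 1
            if depth == 1:  # nested config blocks are skipped, not parsed
                section, entry = " ".join(words[1:]), None
                sections.setdefault(section, {})
        elif kw == "end":
            depth = max(depth - 1, 0)
        elif depth == 1 and kw == "edit" and len(words) > 1:
            entry = words[1].strip('"')
        elif depth == 1 and kw == "next":
            entry = None
        elif depth == 1 and kw == "set" and len(words) > 2:
            sections[section].setdefault(entry, {})[words[1]] = " ".join(words[2:]).replace('"', "")
    return sections

def audit_multicast(text):
    """Hypothetical helper. A missing multicast-forward key counts as enabled (the default)."""
    findings, cfg = [], parse_sections(text)
    settings = cfg.get("system settings", {}).get(None, {})
    forwarding = settings.get("multicast-forward", "enable") == "enable"
    if settings.get("multicast-ttl-notchange") == "enable":
        findings.append("multicast-ttl-notchange enabled: keep only if packets expire early")
    for pid, pol in cfg.get("firewall multicast-policy", {}).items():
        if forwarding and pol.get("srcaddr") == "all" and pol.get("dstaddr") == "all":
            findings.append(f"multicast-policy {pid}: srcaddr all and dstaddr all")
    return findings
```

Calling audit_multicast(SAMPLE_CONFIG) returns one finding for the TTL option and one for policy 1; a policy whose dstaddr names a specific multicast address object produces no policy finding.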