Description
This article describes how to configure Apple AirPrint between two subnets configured on different interfaces.
Scope
FortiGate.
Solution
Configuration.
1) Enable Multicast forwarding:
# config system settings
set multicast-forward enable
end
2) Interface configuration:
Two different interfaces, each with a different IP address assigned.
# config system interface
edit "internal1"
set vdom "root"
set ip 192.168.1.1 255.255.255.0
set allowaccess ping https ssh snmp http fgfm ftm
set type physical
set device-identification enable
set device-identification-active-scan enable
next
edit "internal7"
set vdom "root"
set ip 192.168.2.1 255.255.255.0
set allowaccess ping https ssh
set type physical
set device-identification enable
next
end
3) Configuring Multicast Policies:
# config firewall multicast-policy
edit 1
set logtraffic enable
set srcintf "internal1"
set dstintf "internal7"
set srcaddr "all"
set dstaddr "Bonjour" "EIGRP" "OSPF"
set protocol 17
set end-port 5353
next
edit 2
set logtraffic enable
set srcintf "internal7"
set dstintf "internal1"
set srcaddr "all"
set dstaddr "Bonjour" "EIGRP" "OSPF"
set protocol 17
set end-port 5353
next
end
4) Check if multicast routing is enabled or not:
# config router multicast
set multicast-routing disable
end
Note.
If multicast routing is enabled, the traffic is received on the internal1 interface but is not forwarded out of the internal7 interface.
The reason is that the destination IP of the packets received on the FortiGate is part of the 'Local Network Control Block', which by default is not forwarded out of an L3 interface.
A normal IPv4 firewall policy between these two interfaces is also necessary, because once the device is detected the traffic becomes unicast.
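As an added illustration (not Fortinet code and not part of the original article), the Python example below builds and decodes the mDNS browse query an AirPrint client multicasts, which shows why the multicast policies match protocol 17 with port 5353 and why the destination falls inside the Local Network Control Block. The group 224.0.0.251, the block 224.0.0.0/24 and the service type _ipp._tcp.local are taken from RFC 6762, RFC 5771 and DNS-SD rather than from this article, and the function names are hypothetical.

```python
import ipaddress
import struct

# Assumed constants from RFC 6762 (mDNS) and RFC 5771; added example, not Fortinet code.
MDNS_GROUP, MDNS_PORT = "224.0.0.251", 5353          # UDP, IP protocol 17
LOCAL_CONTROL_BLOCK = ipaddress.ip_network("224.0.0.0/24")
AIRPRINT_SERVICE = "_ipp._tcp.local"                 # DNS-SD type browsed for IPP printers
TYPE_PTR, CLASS_IN = 12, 1

def encode_name(name):
    """Encode a DNS name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.strip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(service=AIRPRINT_SERVICE):
    """Build a one-question PTR query; mDNS queries carry transaction ID 0."""
    header = struct.pack("!6H", 0, 0, 1, 0, 0, 0)    # id, flags, qd, an, ns, ar
    return header + encode_name(service) + struct.pack("!2H", TYPE_PTR, CLASS_IN)

def parse_question(packet):
    """Return (name, qtype, qclass) for the first question of a DNS message."""
    if len(packet) < 12 or struct.unpack("!H", packet[4:6])[0] < 1:
        raise ValueError("no DNS question present")
    pos, labels = 12, []
    while True:
        if pos >= len(packet):
            raise ValueError("truncated name")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(packet):
            raise ValueError("bad or compressed label")
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    if pos + 4 > len(packet):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!2H", packet[pos:pos + 4])
    return ".".join(labels), qtype, qclass & 0x7FFF  # top bit is the mDNS QU flag

def is_link_local_multicast(dst):
    """True when dst is in the Local Network Control Block routers do not forward."""
    return ipaddress.ip_address(dst) in LOCAL_CONTROL_BLOCK
```

UDP payloads captured on port 5353 on either interface can be passed to parse_question to confirm which service types are crossing between the subnets.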
Related article:
Technical Note : Extending AirPlay and AirPrint communication
Copyright 2024 Fortinet, Inc. All Rights Reserved.