FortiGate
akileshc
Staff
Article Id 193090

Description


This article describes how to use static-group (multicast-flow) entries on a specific interface to create static multicast IGMP group entries on the FortiGate.

 

Scope


FortiGate.

 

Solution

 

Overview.
  • When an IGMP-enabled networking unit (FortiGate) gets a join request for a specific group, it sends all IP multicast traffic it receives for that group through the port on which the join request was received.
  • When the user is ready to leave the multicast group, it sends an IGMP Leave Group message (224.0.0.2) to the network and no longer belongs to the group. When a leave request is detected, the relevant IGMP device stops transmitting traffic for the specified multicast group via the port where the leave request was received (if there are no other current members of that group on the affected port).
  • Creating a static IGMP group entry ensures that FortiGate will preserve this IGMP group information for a given group and interface and will continue to deliver the multicast stream over the designated interface.
 
CLI syntax.
 
config router multicast-flow
    edit "static-group"
        config flows
            edit 1
                set group-addr 239.0.0.1
                set source-addr 10.120.7.230
            next
        end
    next
end
 
config router multicast
    set multicast-routing enable
    config interface
        edit "port1"
            set pim-mode sparse-mode
            set static-group "static-group"
        next
    end
end
 
It is only necessary to specify the source address if the source transmitter IP is known, if multiple sources are transmitting to the same group and the join should be performed only to a specific source, or if using Source Specific Multicast (SSM). Otherwise, do not specify the source.
If using SSM, it must also be enabled under config router multicast, and the interfaces must be configured to use IGMP version 3:
 
config router multicast
    set multicast-routing enable
    config pim-sm-global
        set ssm enable
    end
    config interface
        edit "your interface"
            set pim-mode sparse-mode
            config igmp
                set version 3    <- Default value
            end
        next
    end
end
 
 
To verify the entry.
 
get router info multicast igmp groups 239.0.0.1
IGMP Connected Group Membership
Group Address    Interface    Uptime      Expires            Last Reporter
239.0.0.1        port1        00:18:40    stopped(static)    0.0.0.0          <- Statically Added IGMP group Info
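
The verification step above can be turned into a repeatable check. The following is an added example, not Fortinet code: it parses saved output of the command, assuming the five-column layout shown above, and compares the static entries against an expected list. The function names and the second (dynamic) sample row are constructed for illustration.

```python
import re

# Constructed sample: the first data row is the one shown in the article,
# the second (a dynamically learned group) is made up for illustration.
SAMPLE = """\
IGMP Connected Group Membership
Group Address    Interface    Uptime      Expires            Last Reporter
239.0.0.1        port1        00:18:40    stopped(static)    0.0.0.0
239.0.0.2        port1        00:02:11    00:03:20           10.120.7.15
"""

# One data row: group, interface, uptime, expires, last reporter.
# Anything after the fifth field (such as a "<-" annotation) is ignored.
ROW = re.compile(
    r"^(?P<group>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<interface>\S+)\s+"
    r"(?P<uptime>\S+)\s+(?P<expires>\S+)\s+(?P<reporter>\S+)"
)

def parse_igmp_groups(text):
    """Return one dict per group row; banner and header lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if not match:
            continue
        entry = match.groupdict()
        # Static entries never expire: the Expires column reads stopped(static).
        entry["static"] = "static" in entry["expires"].lower()
        entries.append(entry)
    return entries

def check_static(text, expected):
    """Compare static entries with the expected {(group, interface)} set.

    Returns (missing, unexpected): expected entries that are absent, and
    static entries present on the unit that nobody listed as expected.
    """
    found = {(e["group"], e["interface"])
             for e in parse_igmp_groups(text) if e["static"]}
    return sorted(expected - found), sorted(found - expected)

if __name__ == "__main__":
    missing, unexpected = check_static(SAMPLE, {("239.0.0.1", "port1")})
    print("missing:", missing, "unexpected:", unexpected)
```

An unexpected static entry is worth reviewing, since it keeps a multicast stream flowing out of an interface even when no receiver has joined.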