amalsky
Staff
Article Id 365749

 

Description: This article outlines the key configuration steps for IPv6 multicast using a static Rendezvous Point.
Scope: FortiGate v7.2, v7.4, v7.6.
Solution:

Multicast for IPv6 can be configured using static Rendezvous Points (RPs). Here is an overview of the significant steps in a basic topology:

This setup has three routers: R1, R2, and R3. R1 will receive the multicast stream, R2 will relay the multicast traffic between R1 and R3, and R3 will serve as the Rendezvous Point (RP).

 


 

Enable Multicast Routing:

 

Multicast routing is disabled by default in FortiGate. It is necessary to enable it globally.

On all FortiGates:

 

config router multicast
    set multicast-routing enable
end

 

Configure Interfaces for Multicast:

R1 Configuration (Receiver):

 

config system interface
    edit "port1"
        set vdom "root"
        set ip X.X.X.X y.y.y.y <----- An IPv4 address is used here for management access; it is not relevant to the scope of this article.
        set allowaccess ping https ssh http telnet fgfm
        set type physical
        set snmp-index 1
        config ipv6
            set ip6-address 2001:12::1/64
            set ip6-allowaccess ping https ssh http
        end
    next
end

 

R2 Configuration (Router):

 

config system interface
    edit "loopback0"
        set vdom "root"
        set type loopback
        set snmp-index 15
        config ipv6
            set ip6-address 2001::2/128
            set ip6-allowaccess ping https ssh http
        end
    next
end

 

R3 Configuration (Static RP):

 

config system interface
    edit "loopback0"
        set vdom "root"
        set type loopback
        set snmp-index 15
        config ipv6
            set ip6-address 2001::3/128
            set ip6-allowaccess ping https ssh http
        end
    next
end

 

Configure Static RP on R2 and R1:

R1:

 

config router multicast6
    set multicast-routing enable
    set multicast-pmtu disable
    config interface
        edit "port1"
            set hello-interval 30
        next
    end
    config pim-sm-global
        config rp-address
            edit 1
                set ip6-address 2001::3
            next
        end
    end
end

 

R2:


config router multicast6
    set multicast-routing enable
    set multicast-pmtu disable
    config interface
        edit "port1"
            set hello-interval 30
        next
        edit "port2"
            set hello-interval 30
        next
        edit "loopback0"
            set hello-interval 30
            set hello-holdtime 105
        next
    end
    config pim-sm-global
        config rp-address
            edit 1
                set ip6-address 2001::3
            next
        end
    end
end

 

OSPFv3 is configured on all routers, and the two loopback interfaces are redistributed. For simplicity, the OSPF process is defined in Area 0.

 

Additionally, if not already present, firewall policies are required; otherwise, traffic will not flow.

 

Verification Steps:

Verify OSPFv3 Neighbors:

 

R1 # get router info6 ospf neighbor
OSPFv3 Process (root)
Neighbor ID Pri State       Dead Time Interface Instance ID
2.2.2.2      1  Full/Backup 00:00:40    port1       0
3.3.3.3      1  Full/DR     00:00:31    port1       0

R2 # get router info6 ospf neighbor
OSPFv3 Process (root)
Neighbor ID Pri State         Dead Time Interface Instance ID
1.1.1.1      1  Full/DROther  00:00:35    port1      0
3.3.3.3      1  Full/DR       00:00:34    port1      0

 

Verify the Multicast Routing Table on R1 and R3:

 

R1 # get router info6 multicast pim sparse-mode neighbor
Neighbor              Interface  Uptime/Expires     Ver  DR
Address                                                  Prio/Mode
fe80::e01:8eff:fe9d:0  port1     03:31:42/00:01:33  v2    1 /
fe80::ef6:98ff:fe3d:0  port1     03:45:33/00:01:42  v2    1 / DR

R2 # get router info6 multicast pim sparse-mode neighbor
Neighbor              Interface  Uptime/Expires     Ver  DR
Address                                                  Prio/Mode
fe80::e01:8eff:fe9d:0  port1     03:34:23/00:01:22  v2    1 /
fe80::e9a:c2ff:fe24:0  port1     03:48:14/00:01:44  v2    1 /

 

To generate Multicast Traffic on R3, ping the multicast group:

 

execute ping6 ff07::7

 

Multicast IPv6 Firewall Policy to Allow Traffic:

 

config firewall multicast-policy6
    edit 1
        set srcintf "any"
        set dstintf "any"
        set srcaddr "all"
        set dstaddr "all"
    next
end
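
The multicast policy above matches any interface and all addresses, and the interface blocks in this article enable http and telnet, which carry management sessions without transport encryption. The following Python check is an added example, not part of the original article or Fortinet tooling: it parses FortiOS-style config text and reports both conditions. The sample config is constructed from the snippets on this page, and `parse`, `audit` and the finding strings are hypothetical names.

```python
import shlex

# Constructed sample, assembled from the snippets in this article.
SAMPLE = """
config system interface
    edit "port1"
        set allowaccess ping https ssh http telnet fgfm
        config ipv6
            set ip6-allowaccess ping https ssh http
        end
    next
end
config firewall multicast-policy6
    edit 1
        set srcintf "any"
        set dstintf "any"
        set srcaddr "all"
        set dstaddr "all"
    next
end
"""
CLEARTEXT = {"http", "telnet"}  # management protocols without transport encryption
OPEN_POLICY = {"srcintf": ["any"], "dstintf": ["any"], "srcaddr": ["all"], "dstaddr": ["all"]}

def parse(text):
    """Yield (path, key, values) per 'set' line inside an edit entry; path = enclosing config/edit names."""
    path = []
    for line in text.splitlines():
        tok = shlex.split(line) or [""]
        if tok[0] in ("config", "edit"):
            path.append(" ".join(tok[1:]))
        elif tok[0] in ("end", "next") and path:
            path.pop()  # 'end' closes a config block, 'next' closes an edit entry
        elif tok[0] == "set" and len(tok) > 2 and len(path) > 1:
            yield tuple(path), tok[1], tok[2:]

def audit(text):
    """Return findings for cleartext management access and match-everything multicast policies."""
    findings, policies = [], {}
    for path, key, vals in parse(text):
        if path[0] == "system interface" and key in ("allowaccess", "ip6-allowaccess"):
            for proto in sorted(CLEARTEXT & set(vals)):
                findings.append(f"interface {path[1]}: {key} enables {proto}")
        elif path[0] == "firewall multicast-policy6" and len(path) == 2:
            policies.setdefault(path[1], {})[key] = vals
    for pid, fields in policies.items():
        if all(fields.get(k) == v for k, v in OPEN_POLICY.items()):
            findings.append(f"multicast-policy6 {pid}: matches any interface and all addresses")
    return findings
```

Calling `audit(SAMPLE)` returns one finding per cleartext protocol per interface setting, plus one for the open policy; the nested `config ipv6` block is attributed to its parent interface.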