IGMP Membership report sent with a source IP of 0.0.0.0 is getting dropped/discarded by the FortiGate devices running kernel 4.19.13.

To find out the kernel version on FortiGate, run the command below:

FGT # fnsysctl cat /proc/version
Linux version 4.19.13 (root@build) (gcc version 10.3.0 (GCC)) #1 SMP Mon Sep 16 18:52:53 America 2024

Due to this behavior, the servers do not receive the multicast stream. The packet with source IP 0.0.0.0 can be seen in packet capture, but the IGMP daemon does not process the packet.

FGT # diagnose sniff packet any 'igmp' 4
interfaces=[any]
filters=[igmp]
6.126795 port1 in 0.0.0.0 -> 239.100.100.100: ip-proto-2 8
^C
1 packets received by filter
0 packets dropped by kernel

FGT # get router info multicast igmp groups
<blank_output>

The debug flow reports that the packet is discarded due to the reason 'ip_sessoin_handle_no_dst'.

id=65308 trace_id=1 func=print_pkt_detail line=5862 msg="vd-root:0 received a packet(proto=2, 0.0.0.0:0->239.100.100.100:0) tun_id=0.0.0.0 from port1 . "
id=65308 trace_id=1 func=init_ip_session_common line=6047 msg="allocate a new session-00002076"
id=65308 trace_id=1 func=ip_session_handle_no_dst line=6133 msg="trace"

Note that the IGMP membership table is updated correctly if the request comes from a source IP other than 0.0.0.0.

FGT # get router info multicast igmp groups
IGMP Connected Group Membership
Group Address Interface Uptime Expires Last Reporter
239.100.100.100 port1 00:00:29 00:03:50 10.90.15.208

This is a known issue and has been resolved in FortiOS v7.2.11, v7.4.6, and v7.6.1.

Resolved issues v7.6.1

Resolved issues v7.4.6

Resolved issues v7.2.11