vponmuniraj
Staff
Article Id 218022
Description

This article describes how to configure multicast DNAT on a FortiGate that has multicast forwarding enabled.
Scope

FortiGate

Solution

Topology as below:

 

Multicast sender -> FortiGate -> Receiver

 

The example below shows the commands used to configure multicast DNAT when multicast forwarding is enabled on the FortiGate.

In this example, multicast group 234.5.6.7 is translated to group 234.5.6.8.

 

Configure DNAT under the multicast policy using CLI: 

 

# config firewall multicast-policy
    edit 1
        set name "MCAST_Policy"
        set srcintf "port6"
        set dstintf "port10"
        set srcaddr "all"
        set dstaddr "all"
        set dnat 234.5.6.8    <--- Translated multicast group
    next
end

 

Results

Multicast session output:

 

# diagnose sys mcast-session list

session info: id=59946 vf=0 proto=17 10.141.0.10.8910->234.5.6.7.8910  <--- Original source & multicast group
used=2 path=1 duration=302 expire=179 indev=8 pkts=536 bytes=32160
state=00000000:
path: dnat ndaddr=234.5.6.8 policy=1, outdev=12 <--- Translated group
Total 1 sessions

 

# diagnose sniffer packet any 'port 8910' 4 2 l
Using Original Sniffing Mode
interfaces=[any]
filters=[port 8910]
2022-07-20 20:31:41.309628 port6 in 10.141.0.10.8910 -> 234.5.6.7.8910: udp 32
2022-07-20 20:31:41.309677 port10 out 10.141.0.10.8910 -> 234.5.6.8.8910: udp 32  <--- Translated group IP sent out
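
To check many sessions at once, the following added example (not part of the original article and not Fortinet code) parses saved `diagnose sys mcast-session list` output and reports sessions to the original group whose output path does not carry the expected `ndaddr`. The field layout is assumed from the output shown above; the second session in the sample and the function names are constructed for illustration.

```python
import re

# Patterns follow the 'diagnose sys mcast-session list' lines shown on this page;
# other FortiOS builds may print different fields (assumption).
SESSION_RE = re.compile(
    r"session info: id=(\d+) .*?"
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+)->(\d+\.\d+\.\d+\.\d+)\.(\d+)")
FIELD_RE = re.compile(r"(\w+)=([^\s,]+)")

def parse_mcast_sessions(text):
    """Return one dict per session: id, source, original group, output paths."""
    sessions = []
    for line in text.splitlines():
        line = line.strip()
        m = SESSION_RE.match(line)
        if m:
            sessions.append({"id": int(m.group(1)), "src": m.group(2),
                             "group": m.group(4), "paths": []})
        elif line.startswith("path:") and sessions:
            # e.g. "path: dnat ndaddr=234.5.6.8 policy=1, outdev=12"
            sessions[-1]["paths"].append(dict(FIELD_RE.findall(line)))
    return sessions

def check_dnat(text, original_group, translated_group):
    """List (session id, outdev, ndaddr) for paths not translated as expected."""
    problems = []
    for s in parse_mcast_sessions(text):
        if s["group"] != original_group:
            continue
        for path in s["paths"]:
            if path.get("ndaddr") != translated_group:
                problems.append((s["id"], path.get("outdev"), path.get("ndaddr")))
    return problems

# First session is the one from the article; the second is constructed
# to show a flow that matched a policy without DNAT.
SAMPLE = """\
session info: id=59946 vf=0 proto=17 10.141.0.10.8910->234.5.6.7.8910
used=2 path=1 duration=302 expire=179 indev=8 pkts=536 bytes=32160
state=00000000:
path: dnat ndaddr=234.5.6.8 policy=1, outdev=12
session info: id=59950 vf=0 proto=17 10.141.0.11.8910->234.5.6.7.8910
used=2 path=1 duration=12 expire=179 indev=8 pkts=4 bytes=240
state=00000000:
path: policy=2, outdev=12
"""

if __name__ == "__main__":
    for sid, outdev, ndaddr in check_dnat(SAMPLE, "234.5.6.7", "234.5.6.8"):
        print(f"session {sid}: outdev={outdev} ndaddr={ndaddr} (expected 234.5.6.8)")
```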

 

 
