Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
sdabhade
Staff
Staff

Created on ‎04-28-2022 11:39 AM Edited on ‎02-09-2024 05:27 AM By Community Manager

Article Id 210833

Technical Tip: PIM SSM (Source-Specific Multicast) configuration guide

Description This article describes how to configure PIM SSM (Source-specific Multicast).
Scope FortiGate.
Solution
  1. In PIM SSM, the Multicast Receiver Device must be manually configured with the Multicast Source IP and Group IP.

  2. PIM SSM must be enabled on all the devices in the Path between the Multicast Source and receiver.

 

config router multicast

    set multicast-routing enable

        config pim-sm-global

            set ssm enable

        end

  end

 

  1.  IGMPv1/IGMPv2 does not support PIM-SSM, so ensure that IGMPv3 is enabled on the FortiGate interface connected to the Multicast Receiver.

  2. Configure 'multicast-flow' for specific Multicast Source IP and group IP from where the receiver is expecting the Multicast Traffic.

  3. The Multicast-flow was originally introduced to control acceptable multicast traffic under the FortiGate interface connected to the multicast receiver.

  4. static-group configuration under the Interface connected to the Multicast Receivers only applies to cases where there is not any Multicast Receivers that are capable of joining the multicast stream using IGMP.

 

Basically, it is possible to use static-group only in the case there are not any IGMPv3-capable Multicast Receivers or for some other reason, to attract the multicast stream and forward it out on the interface where Multicast Receivers are connected. The FortiGate itself does not become a receiver for the Multicast stream.

 

Sample configuration on FortiGate connected to the Multicast Receiver:

 

config router multicast

    set multicast-routing enable

        config pim-sm-global

            set ssm enable

        end

        config interface

            edit <Interface_Connected_to_Receiver>

                set pim-mode sparse-mode

                set multicast-flow "11"

                set static-group "11"

                    config igmp

                        set version 3

                    end         

            next

            edit <Backbone_Interface>

                set pim-mode sparse-mode

            next

        end

end

 

config router multicast-flow

    edit "11"

        config flows

            edit 1

                set group-addr <Multicast-Group-IP>

                set source-addr <Multicast-Source-IP>

            next

        end

    next

  end
4766
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.