FortiGate
vsharma
Staff
Article Id 253476
Description

This article describes how some multicast applications set the TTL value too low, or even to 1, to limit the propagation of multicast traffic within the LAN. The TTL should be sufficient to cover the entire multicast domain.

Scope

FortiOS Multicast Traffic.

Solution

If FortiGate receives multicast traffic with TTL=1, it drops the traffic, as expected.
This can be verified by checking the TTL value in the packet capture.

# diagnose sniffer packet any 'host <multicast-group>' 6 0 a
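
To run this check over a saved capture, the following added example (not part of the original article or any Fortinet tooling) parses the sniffer text and lists IPv4 multicast packets whose TTL is below 2. It assumes each hex dump begins with a 14-byte Ethernet header with EtherType 0x0800; the sample capture and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed capture text laid out like verbosity-6 sniffer output; values made up, checksums zeroed.
SAMPLE = (
    "2023-04-20 10:15:01.100000 port1 in 10.1.1.10.5000 -> 239.1.1.1.5000: udp 8\n"
    "0x0000\t 0100 5e01 0101 0050 56aa bbcc 0800 4500\t..^....PV.....E.\n"
    "0x0010\t 0024 0000 4000 0111 0000 0a01 010a ef01\t.$..@...........\n"
    "0x0020\t 0101 1388 1388 0010 0000 6162 6364 6566\t..........abcdef\n"
    "0x0030\t 6768\tgh\n"
    "\n"
    "2023-04-20 10:15:01.200000 port1 in 10.1.1.20.5000 -> 239.1.1.1.5000: udp 8\n"
    "0x0000\t 0100 5e01 0101 0050 56aa bbdd 0800 4500\t..^....PV.....E.\n"
    "0x0010\t 0024 0000 4000 2011 0000 0a01 0114 ef01\t.$..@. .........\n"
    "0x0020\t 0101 1388 1388 0010 0000 6162 6364 6566\t..........abcdef\n"
    "0x0030\t 6768\tgh\n"
)

HEX_LINE = re.compile(r"^0x[0-9a-f]{4}\s+((?:[0-9a-f]{2,4} ?){1,8})", re.I)

def packets(text):
    """Yield (header_line, frame_bytes) for each packet in the sniffer text."""
    header, buf = None, bytearray()
    for line in text.splitlines():
        m = HEX_LINE.match(line)
        if m:  # hex dump line: keep only the hex column, not the ASCII column
            buf += bytes.fromhex(m.group(1).replace(" ", ""))
        elif line.strip():  # any other non-blank line starts a new packet
            if header is not None:
                yield header, bytes(buf)
            header, buf = line.strip(), bytearray()
    if header is not None:
        yield header, bytes(buf)

def low_ttl_multicast(text, min_ttl=2):
    """Return (src, group, ttl) for IPv4 multicast packets with TTL below min_ttl."""
    hits = []
    for _, frame in packets(text):
        # Assumption: 14-byte Ethernet header, EtherType 0x0800 (IPv4, no VLAN tag).
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        ip = frame[14:]  # TTL is byte 8 of the IPv4 header, destination is bytes 16-19
        dst = ipaddress.IPv4Address(ip[16:20])
        if dst.is_multicast and ip[8] < min_ttl:
            hits.append((str(ipaddress.IPv4Address(ip[12:16])), str(dst), ip[8]))
    return hits

if __name__ == "__main__":
    print(low_ttl_multicast(SAMPLE))
```

Sources listed by this check are the ones whose application-level TTL needs raising.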

 

To resolve this, use one of the following options:

1) Increase the TTL at the source (application level). Most multicast applications include the ability to define the TTL value.

 

2) Use the multicast-ttl-notchange option so that FortiGate does not decrease the TTL value for forwarded multicast packets.

 

# config system settings
    set multicast-ttl-notchange enable
end