mortirolo
New Contributor

Multicast policy

Multicast policy rules aren't logged to our analyzers, or it's not possible it seems, as under multicast policy rules there is no option to log. Anyone out there know a good multicast command to troubleshoot a S,G from the command line?
3 REPLIES
anonimis
New Contributor

What firmware version are you using? There is an option to log allowed traffic in firmware 5.2 (GA) in the GUI.
Istvan_Takacs_FTNT

On the FGT:

# diagnose sniffer packet any 'host <multicast IP>' 4 a

or

# diagnose debug console timestamp enable
# diagnose debug flow show console enable
# diagnose debug flow show f enable
# diagnose debug flow filter addr <multicast IP>
# diagnose debug flow trace start 10
# diagnose debug enable
Benoit_Rech_FTNT

To troubleshoot multicast, the following commands are useful:

#diag sniffer packet <interface> 'host <G>' 4 0 a

 

#get router info multicast table [<G>]

#get router info multicast table-count

 

If PIM sparse-mode is used:

#get router info multicast pim sparse-mode bsr-info

#get router info multicast pim sparse-mode rp-mapping

#get router info multicast pim sparse-mode neighbour

#get router info multicast pim sparse-mode interface

#get router info multicast pim sparse-mode next-hop

#get router info multicast pim sparse-mode table [<G>]

 

If PIM dense-mode is used:

#get router info multicast pim dense-mode neighbour

#get router info multicast pim dense-mode interface

#get router info multicast pim dense-mode next-hop

#get router info multicast pim dense-mode table <G>

 

'diag debug flow' is useless; there is no explicit firewall session created on the FortiGate for the multicast traffic.

 

Benoit

 
