Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Jeff_the_Network_Guy
New Contributor III

Airplay MultiCast Routing

At one time back in my FortiOS4.0 days, I had Airplay multicast routing working. The goal was to present an AppleTV in a conference room that was confined to its own SSID to two other SSIDs. That way company guests, and users of company issued iPads could share their display with the conference room projector. Once I upgraded to FortiOS 5, this completely stopped working. Since then I have wiped and reloaded my Fortigate 300c which is now at FortiOS 5.0.7. I am using FortiAPs for my wireless and the 300c is the controller. I have a guest wireless network, and an employee wireless network, and an AppleTV wireless network. I am using the Fortinet " Using Airplay with iOS, FortiAP, and a Fortigate unit" guide. My iphone in the Employee network sees the AppleTV as being present. When I try to connect to it, it seems to connect (you get the blue bar at the top of the phone screen) for 15 seconds and then drops. ADFG16 # id=13 trace_id=3311 msg=" vd-root received a packet(proto=6, 10.20.30.47:57283->172.16.10.5:5000) from EmployeeDevices." id=13 trace_id=3311 msg=" allocate a new session-02e290f6" id=13 trace_id=3311 msg=" Match policy routing: to 172.16.10.1 via ifindex-22" id=13 trace_id=3311 msg=" find a route: gw-172.16.10.1 via root" id=13 trace_id=3311 msg=" iprope_in_check() check failed, drop" id=13 trace_id=3312 msg=" vd-root received a packet(proto=6, 10.20.30.47:57285->172.16.10.5:5000) from EmployeeDevices." id=13 trace_id=3312 msg=" allocate a new session-02e29155" id=13 trace_id=3312 msg=" Match policy routing: to 172.16.10.1 via ifindex-22" id=13 trace_id=3312 msg=" find a route: gw-172.16.10.1 via root" id=13 trace_id=3312 msg=" iprope_in_check() check failed, drop" id=13 trace_id=3313 msg=" vd-root received a packet(proto=6, 10.20.30.47:57285->172.16.10.5:5000) from EmployeeDevices." id=13 trace_id=3313 msg=" allocate a new session-02e29185" id=13 trace_id=3313 msg=" Match policy routing: to 172.16.10.1 via ifindex-22" id=13 trace_id=3313 msg=" find a route: gw-172.16.10.1 via root" id=13 trace_id=3313 msg=" iprope_in_check() check failed, drop" id=12 trace_id=3314 msg=" vd-root received a packet(proto=17, 172.16.10.5:5353->224.0.0.251:5353) from AppleTV." id=12 trace_id=3314 msg=" allocate a new session-02e29190" id=12 trace_id=3314 msg=" trace" id=13 trace_id=3315 msg=" vd-root received a packet(proto=6, 10.20.30.47:57285->172.16.10.5:5000) from EmployeeDevices." id=13 trace_id=3315 msg=" allocate a new session-02e29198" id=13 trace_id=3315 msg=" Match policy routing: to 172.16.10.1 via ifindex-22" id=13 trace_id=3315 msg=" find a route: gw-172.16.10.1 via root" id=13 trace_id=3315 msg=" iprope_in_check() check failed, drop" id=13 trace_id=3316 msg=" vd-root received a packet(proto=6, 10.20.30.47:57285->172.16.10.5:5000) from EmployeeDevices." id=13 trace_id=3316 msg=" allocate a new session-02e291b0" id=13 trace_id=3316 msg=" Match policy routing: to 172.16.10.1 via ifindex-22" id=13 trace_id=3316 msg=" find a route: gw-172.16.10.1 via root" id=13 trace_id=3316 msg=" iprope_in_check() check failed, drop" id=13 trace_id=3317 msg=" vd-root received a packet(proto=6, 10.20.30.47:57285->172.16.10.5:5000) from EmployeeDevices." id=13 trace_id=3317 msg=" allocate a new session-02e291c2" id=13 trace_id=3317 msg=" Match policy routing: to 172.16.10.1 via ifindex-22" id=13 trace_id=3317 msg=" find a route: gw-172.16.10.1 via root" id=13 trace_id=3317 msg=" iprope_in_check() check failed, drop" id=13 trace_id=3318 msg=" vd-root received a packet(proto=6, 10.20.30.47:57285->172.16.10.5:5000) from EmployeeDevices." id=13 trace_id=3318 msg=" allocate a new session-02e291dc" id=13 trace_id=3318 msg=" Match policy routing: to 172.16.10.1 via ifindex-22" id=13 trace_id=3318 msg=" find a route: gw-172.16.10.1 via root" id=13 trace_id=3318 msg=" iprope_in_check() check failed, drop" id=13 trace_id=3319 msg=" vd-root received a packet(proto=6, 10.20.30.47:57285->172.16.10.5:5000) from EmployeeDevices." id=13 trace_id=3319 msg=" allocate a new session-02e291f9" id=13 trace_id=3319 msg=" Match policy routing: to 172.16.10.1 via ifindex-22" id=13 trace_id=3319 msg=" find a route: gw-172.16.10.1 via root" id=13 trace_id=3319 msg=" iprope_in_check() check failed, drop" id=12 trace_id=3320 msg=" vd-root received a packet(proto=17, 172.16.10.5:5353->224.0.0.251:5353) from AppleTV." id=12 trace_id=3320 msg=" allocate a new session-02e29263" id=12 trace_id=3320 msg=" trace"
----------------(-- Jeff
----------------(-- Jeff
3 REPLIES 3
Jeff_the_Network_Guy
New Contributor III

I suppose my post should have ended with, has anyone gotten this to work, and how?
----------------(-- Jeff
----------------(-- Jeff
natech
New Contributor

Our requirement in an education environment was to have the Apple TV units available to both the student and faculty networks. Both student and faculty are on their own VLANs. They each sit on their own VLAN. I put the Apple TV units on their own VLAN and created multicast policies for traffic for student VLAN <-> Apple TV VLAN & faculty VLAN <-> Apple TV VLAN. Works great for us. While I originally tried to be clever with the policy, I wound up using an " ALL" as far as traffic type goes, since specifying port ranges (even per Apple documentation) would cause things like Airplay screen mirroring to fail.
rtejeda
New Contributor

Jeff the Network Guy wrote:
At one time back in my FortiOS4.0 days, I had Airplay multicast routing working. The goal was to present an AppleTV in a conference room that was confined to its own SSID to two other SSIDs. That way company guests, and users of company issued iPads could share their display with the conference room projector. Once I upgraded to FortiOS 5, this completely stopped working. Since then I have wiped and reloaded my Fortigate 300c which is now at FortiOS 5.0.7. I am using FortiAPs for my wireless and the 300c is the controller. I have a guest wireless network, and an employee wireless network, and an AppleTV wireless network. I am using the Fortinet " Using Airplay with iOS, FortiAP, and a Fortigate unit" guide. My iphone in the Employee network sees the AppleTV as being present. When I try to connect to it, it seems to connect (you get the blue bar at the top of the phone screen) for 15 seconds and then drops. ADFG16 # id=13 trace_id=3311 msg=" vd-root received a packet(proto=6, 10.20.30.47:57283->172.16.10.5:5000) from EmployeeDevices." id=13 trace_id=3311 msg=" allocate a new session-02e290f6" id=13 trace_id=3311 msg=" Match policy routing: to 172.16.10.1 via ifindex-22" id=13 trace_id=3311 msg=" find a route: gw-172.16.10.1 via root" id=13 trace_id=3311 msg=" iprope_in_check() check failed, drop" id=13 trace_id=3312 msg=" vd-root received a packet(proto=6, 10.20.30.47:57285->172.16.10.5:5000) from EmployeeDevices." id=13 trace_id=3312 msg=" allocate a new session-02e29155" id=13 trace_id=3312 msg=" Match policy routing: to 172.16.10.1 via ifindex-22" id=13 trace_id=3312 msg=" find a route: gw-172.16.10.1 via root" id=13 trace_id=3312 msg=" iprope_in_check() check failed, drop" id=13 trace_id=3313 msg=" vd-root received a packet(proto=6, 10.20.30.47:57285->172.16.10.5:5000) from EmployeeDevices." id=13 trace_id=3313 msg=" allocate a new session-02e29185" id=13 trace_id=3313 msg=" Match policy routing: to 172.16.10.1 via ifindex-22" id=13 trace_id=3313 msg=" find a route: gw-172.16.10.1 via root" id=13 trace_id=3313 msg=" iprope_in_check() check failed, drop" id=12 trace_id=3314 msg=" vd-root received a packet(proto=17, 172.16.10.5:5353->224.0.0.251:5353) from AppleTV." id=12 trace_id=3314 msg=" allocate a new session-02e29190" id=12 trace_id=3314 msg=" trace" id=13 trace_id=3315 msg=" vd-root received a packet(proto=6, 10.20.30.47:57285->172.16.10.5:5000) from EmployeeDevices." id=13 trace_id=3315 msg=" allocate a new session-02e29198" id=13 trace_id=3315 msg=" Match policy routing: to 172.16.10.1 via ifindex-22" id=13 trace_id=3315 msg=" find a route: gw-172.16.10.1 via root" id=13 trace_id=3315 msg=" iprope_in_check() check failed, drop" id=13 trace_id=3316 msg=" vd-root received a packet(proto=6, 10.20.30.47:57285->172.16.10.5:5000) from EmployeeDevices." id=13 trace_id=3316 msg=" allocate a new session-02e291b0" id=13 trace_id=3316 msg=" Match policy routing: to 172.16.10.1 via ifindex-22" id=13 trace_id=3316 msg=" find a route: gw-172.16.10.1 via root" id=13 trace_id=3316 msg=" iprope_in_check() check failed, drop" id=13 trace_id=3317 msg=" vd-root received a packet(proto=6, 10.20.30.47:57285->172.16.10.5:5000) from EmployeeDevices." id=13 trace_id=3317 msg=" allocate a new session-02e291c2" id=13 trace_id=3317 msg=" Match policy routing: to 172.16.10.1 via ifindex-22" id=13 trace_id=3317 msg=" find a route: gw-172.16.10.1 via root" id=13 trace_id=3317 msg=" iprope_in_check() check failed, drop" id=13 trace_id=3318 msg=" vd-root received a packet(proto=6, 10.20.30.47:57285->172.16.10.5:5000) from EmployeeDevices." id=13 trace_id=3318 msg=" allocate a new session-02e291dc" id=13 trace_id=3318 msg=" Match policy routing: to 172.16.10.1 via ifindex-22" id=13 trace_id=3318 msg=" find a route: gw-172.16.10.1 via root" id=13 trace_id=3318 msg=" iprope_in_check() check failed, drop" id=13 trace_id=3319 msg=" vd-root received a packet(proto=6, 10.20.30.47:57285->172.16.10.5:5000) from EmployeeDevices." id=13 trace_id=3319 msg=" allocate a new session-02e291f9" id=13 trace_id=3319 msg=" Match policy routing: to 172.16.10.1 via ifindex-22" id=13 trace_id=3319 msg=" find a route: gw-172.16.10.1 via root" id=13 trace_id=3319 msg=" iprope_in_check() check failed, drop" id=12 trace_id=3320 msg=" vd-root received a packet(proto=17, 172.16.10.5:5353->224.0.0.251:5353) from AppleTV." id=12 trace_id=3320 msg=" allocate a new session-02e29263" id=12 trace_id=3320 msg=" trace"

Hi guys,

 

I have exactly the same problem here. I´m running FortiOS 5.2.2 and using both FortiAPs and external access points. Everything is fine in the same VLAN but my AirPlay drops the connection after 10-15 seconds.

 

I´ve tried all kind of policies (IPv4 and multicast as well) with no result. Any help on this?

 

Thanks,

Raúl

Top Kudoed Authors