Hello all.
Need help with broadcast to Chromecast not working correctly. It all worked well till one day it simply stopped. I can still find those on the same VLAN, so broadcast is OK on the same VLAN (with this I excluded any potential problem with my Unifi and Aruba AP structure, since traffic inside them is fine). I can't find any Chromecast on a different VLAN, but when I join that network and do not close my Google Chrome it stays discovered and castable even when I join another VLAN.
Now to the configuration: 90% of my VLANs are in the same zone, intra-zone traffic is enabled, policies from and to the same zone are fully allowed (all to all). Multicast routing is enabled (with this I assume that it should route regardless of multicast policies, since even with all-all on the multicast policy there is no hit on any rule).
I tried to disable multicast routing once and it started to find every Chromecast anywhere, but I immediately noticed DHCP problems. I don't remember if my rule was all to all or all to Bonjour and 239.255.255.250 (is that the discovery address used by Chromecast?); need to retry this. Also, I can't allow a multicast policy from a zone to the same zone, so I also assume that it is implicitly allowed, right? And an "any to any all" will take precedence over my "any to DC" rule, right? So how do I stop BCs going to my data center? If I have to disable routing and take care of every BC relation between zones it can get messy. Any thoughts on this? How do you manage broadcast policies?
Yes, that is because it needs broadcast for the discovery. But mostly those are not routable between different subnets or VLANs. This also affects e.g. Apple AirPrint or DHCP.
To bring broadcast traffic over to a different subnet or VLAN you will have to have some proxy.
FortiOS natively only offers this for DHCP (DHCP Relay).
I remember that HP/Aruba switches did that, but DELL e.g. does not...
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
The gateway for each VLAN is the VLAN interface on the FortiGate itself, and each of those has a DHCP service running for that VLAN. As you put it, DHCP would not traverse subnets, and in my case I don't need it to, since the service runs on the same subnet. Why did it affect DHCP when multicast routing was off?
I just mentioned DHCP as another example. DHCP is UDP broadcast traffic just as Chromecast or AirPrint. If you want that to work across VLANs/subnets you need to proxy this traffic.
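To make the replies' point concrete: Cast senders discover devices with an mDNS query for `_googlecast._tcp.local` sent to 224.0.0.251:5353, and 224.0.0.0/24 is the link-local control block that no router forwards, however multicast routing and policies are configured (239.255.255.250 from the question is the SSDP group, which is administratively scoped and can be forwarded). The script below is an added example, not code from this thread or from Fortinet: it builds and parses such a query and classifies the destination group by routing scope; the `router_may_forward` helper is a simplified model I am assuming, not FortiOS logic.

```python
import ipaddress
import struct

# Constructed example values: the Cast service name and the two discovery groups.
CAST_SERVICE = "_googlecast._tcp.local"
MDNS_GROUP, MDNS_PORT = "224.0.0.251", 5353      # mDNS (Chromecast, AirPrint/Bonjour)
SSDP_GROUP, SSDP_PORT = "239.255.255.250", 1900  # SSDP (the address from the question)

def encode_name(name: str) -> bytes:
    """DNS wire-format name: length-prefixed labels, terminated by a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_ptr_query(name: str) -> bytes:
    """Minimal mDNS PTR query: id=0, flags=0 (standard query), one question, no records."""
    header = struct.pack("!HHHHHH", 0, 0, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 12, 1)  # QTYPE=PTR, QCLASS=IN

def parse_question_name(packet: bytes) -> str:
    """Read the first question name back out of a DNS/mDNS packet (no compression expected)."""
    pos, labels = 12, []
    while True:
        length = packet[pos]
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

def multicast_scope(dst: str) -> str:
    """Classify an IPv4 multicast destination by routing scope (RFC 5771 blocks)."""
    ip = ipaddress.IPv4Address(dst)
    if not ip.is_multicast:
        return "unicast"
    if ip in ipaddress.IPv4Network("224.0.0.0/24"):
        return "link-local"      # Local Network Control Block: never forwarded by a router
    if ip in ipaddress.IPv4Network("239.0.0.0/8"):
        return "admin-scoped"    # forwarded only where multicast routing permits it
    return "global"

def router_may_forward(dst: str, multicast_routing: bool) -> bool:
    """Simplified model (assumption): link-local groups stay on their VLAN no matter what;
    other multicast groups cross VLANs only when multicast routing is enabled."""
    scope = multicast_scope(dst)
    if scope == "link-local":
        return False
    return scope != "unicast" and multicast_routing

if __name__ == "__main__":
    q = build_ptr_query(CAST_SERVICE)
    print(parse_question_name(q), "->", MDNS_GROUP, multicast_scope(MDNS_GROUP))
    print(SSDP_GROUP, multicast_scope(SSDP_GROUP), router_may_forward(SSDP_GROUP, True))
```

The output shows why enabling multicast routing on the FortiGate does not help mDNS discovery: the Cast query is link-local and needs a proxy/reflector on each VLAN, whereas the SSDP group could be routed.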