I ran into an issue here:
I have a zone with several members.
Now I need multicast forwarding for airprint between two members of that zone.
intra-zone-traffic is blocked (per default) which is wanted that way.
So any traffic has to be explicitely allowed by a policy.
Now I cannot create a multicast policy for that because of the zone. In multicast policy only the zone is available not its members.
So even mlticast policies from interfaces that are not member of the zone can only have the zone as source or destination interface. I consider this a security risk.
Does anyone have some tip how one can do intra-zone multicast forwarding then?
I additionaly have openend a ticket with TAC on this too
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams