Hi,
does someone know a solution, how to handle the problem, when the routing table next hop via an PIM upstream Router is different from the PIM neighbor IP adressess?
This problem occurs, when the routing table next hop on the FortiGate is a virtual HSRP address, but the PIM neighbor adresses are the real IP adresses. The Reverse Path Forwarding Check will fail in this case and no multicast path will be built up.
Cisco "HSRP aware PIM" is not an option, because it is not available on our Nexus Routers. Another options would be dynamic routing between FG and Routers or clustering the routers via vPC. But I am looking for other solutions on the FG.
Is it possible, to disable the RPF for multicast on the FG?
Many thanks in advance!
Hakan
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi Hakan,
you can check this KB article: https://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD34555&sliceId=...
Benoit
Hi Benoit,
Benoit_Rech_FTNT wrote:you can check this KB article: ...
Many thanks, but this does not match our scenario. Our FG is not a First- or Last-Hop Router, it does not process IGMP or PIM Registering. It has no idea about the RP, works only intermediate with PIM Join and Prune Messages. We already tested the scenario with a static default route to the real Router IP addresses. Yes, this works, but this overrides the HSRP redundancy. If it would be possible, to disable the RPF check for PIM, this would be an idea. But I have no idea, if this is possible.
Best regards. Hakan
Hi Hakan,
unfortunately, there is no way to disable RPF check for multicast on the FortiGate, and you don't have the notion of mroute (multicast routes).
Best regards, Benoit
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1545 | |
1030 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.