Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
PCNSE
NSE
StrongSwan
conf vdom edit root config router multicast set multicast-routing enable set route-limit 20 set route-threshold 20 end ##*******ERROR LISTED BELOW config system settings set multicast-forward enable end config firewall multicast-policy edit 15 set srcaddr 192.168.200.101 255.255.255.255 set srcintf internal1 set dstaddr 239.100.112.112 255.255.255.0 set dstintf internal2 end config router multicast conf interface edit internal1 set dr-priority 1 set hello-interval 65323 set pim-mode sparse-mode set passive enable end conf interface edit internal2 set dr-priority 1 set hello-interval 65323 set pim-mode sparse set passive enable endTEST 1: on a host on 192.168.100.0 (try arabell' s machine) run: iperf -s -u -B 239.100.112.112 -i 1 on the host 192.168.200.101 run... to generate traffic: iperf -c 239.100.112.112 -u -T 32 -t 3 -i 1 RESULT: a single packet is delivered to internal1, internal2, and the client at 192.168.18.0/24 once. When repeated attempts to send any packets occur, they are not received by internal1 (etc). Expected result: 1) no multicast traffic should arrive to sharkbox 2) multicast traffic should be visible on internal1 3) multicast traffic should be visible on internal2 ********ERROR
NY_Internet (root) # conf router multicast NY_Internet (multicast) # set multicast-routing enable NY_Internet (multicast) # set route-limit 20 defaulting route-threshold to route-limit NY_Internet (multicast) # end The current number of installed multicast routes is 3247833. The route limit can not be set lower than the number of installed multicast routes. object set operator error, -7, roll back the setting Command fail. Return code -7When i set the route-limit first, then set multicast-routing enable, the error wasn' t reported. Conclusion So, this method did not work. I have a feeling it is related to not having the fortigate learn the multicast groups by performing queries. What do you think?
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Hi,
Did you ever get this working ..?
I am having the same issue and have no resolution yet ...
Thanks,
Charles K
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1679 | |
1085 | |
752 | |
446 | |
226 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.